cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-54712 - Hashthemes Easy Elementor Addons Missing Authorization Vulnerability

CVE ID : CVE-2025-54712
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through 2.2.7.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54715 - UKR Solution Barcode Scanner with Inventory Order Manager Path Traversal

CVE ID : CVE-2025-54715
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.9.0.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54717 - e-Plugins WP Membership Missing Authorization Vulnerability

CVE ID : CVE-2025-54717
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54727 - CreativeMindsSolutions CM On Demand Search And Replace Stored Cross-site Scripting

CVE ID : CVE-2025-54727
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54728 - CreativeMindsSolutions CM On Demand Search And Replace CSRF Vulnerability

CVE ID : CVE-2025-54728
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54729 - Webba Booking Cross-site Scripting

CVE ID : CVE-2025-54729
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects Webba Booking: from n/a through 6.0.5.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54730 - PARETO Digital Embedder for Google Reviews Missing Authorization Vulnerability

CVE ID : CVE-2025-54730
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54732 - Shahjada WPDM Premium Packages CSRF Vulnerability

CVE ID : CVE-2025-54732
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54736 - NordicMade Savoy Information Exposure

CVE ID : CVE-2025-54736
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54739 - Nexter Blocks Missing Authorization Vulnerability

CVE ID : CVE-2025-54739
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.5.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54740 - Michael Nelson Print My Blog Stored Cross-site Scripting

CVE ID : CVE-2025-54740
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.9.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54746 - Cartpauj Shortcode Redirect Cross-site Scripting

CVE ID : CVE-2025-54746
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through 1.0.02.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54747 - WordPress Templatera Cross-Site Scripting (XSS)

CVE ID : CVE-2025-54747
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through 2.3.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-54749 - Crocoblock JetProductGallery Cross-site Scripting

CVE ID : CVE-2025-54749
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS. This issue affects JetProductGallery: from n/a through 2.2.0.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55708 - ExpressTech Systems Quiz And Survey Master SQL Injection

CVE ID : CVE-2025-55708
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.4.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55709 - Visual Composer Website Builder Stored Cross-site Scripting Vulnerability

CVE ID : CVE-2025-55709
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through n/a.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55710 - TaxoPress Information Disclosure

CVE ID : CVE-2025-55710
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.37.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55711 - WordPress Table Builder Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-55711
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Table Builder: from n/a through 2.0.12.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55712 - POSIMYTH The Plus Addons for Elementor Page Builder Lite Missing Authorization Vulnerability

CVE ID : CVE-2025-55712
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55713 - Blocksy Stored Cross-Site Scripting

CVE ID : CVE-2025-55713
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55714 - Crocoblock JetElements For Elementor Cross-site Scripting (XSS)

CVE ID : CVE-2025-55714
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-55716 - VeronaLabs WP Statistics Missing Authorization Vulnerability

CVE ID : CVE-2025-55716
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-8975 - Givanz Vvveb Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8975
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named 84c11d69df8452dc378feecd17e2a62ac10dac66. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-8976 - "Givanz Vvveb Endpoint Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-8976
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2025-8978 - D-Link DIR-619L Boa Authentication Bypass Vulnerability

CVE ID : CVE-2025-8978
Published : Aug. 14, 2025, 7:15 p.m. | 40 minutes ago
Description : A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 19:15:00 GMT

read more

CVE-2023-43687 - Malwarebytes Race Condition Code Execution Vulnerability

CVE ID : CVE-2023-43687
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2024-37945 - Elementor Page Builder WPBITS Addons Stored Cross-site Scripting (XSS)

CVE ID : CVE-2024-37945
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-21110 - Dell Data Lakehouse Privilege Escalation Vulnerability

CVE ID : CVE-2025-21110
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-51986 - FreeMODBUS Demo/LINUXTCP Infinite Loop Vulnerability

CVE ID : CVE-2025-51986
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-52335 - EyouCMS Cross Site Scripting (XSS)

CVE ID : CVE-2025-52335
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-8972 - iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8972
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-8973 - SourceCodester Cashier Queuing System SQL Injection Vulnerability

CVE ID : CVE-2025-8973
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-8974 - Litemall JSON Web Token Handler Remote Hard-Coded Credentials Vulnerability

CVE ID : CVE-2025-8974
Published : Aug. 14, 2025, 6:15 p.m. | 28 minutes ago
Description : A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 18:15:00 GMT

read more

CVE-2025-20254 - Cisco Secure Firewall ASA/FTD IKEv2 Packet Parsing Denial of Service

CVE ID : CVE-2025-20254
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20263 - Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability

CVE ID : CVE-2025-20263
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system.  This vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could cause the system to reload, resulting in a denial of service (DoS) condition.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20265 - "Cisco Secure Firewall Management Center RADIUS Command Injection Vulnerability"

CVE ID : CVE-2025-20265
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20268 - "Cisco Secure Firewall Threat Defense (FTD) Geolocation-Based Remote Access VPN HTTP Bypass Vulnerability"

CVE ID : CVE-2025-20268
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists because the URL string is not fully parsed. An attacker could exploit this vulnerability by sending a crafted HTTP connection through the targeted device. A successful exploit could allow the attacker to bypass configured policies and gain access to a network where the connection should have been denied.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20301 - Cisco Secure FMC Software Domain Traverse Authorization Bypass

CVE ID : CVE-2025-20301
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a troubleshoot file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to retrieve a troubleshoot file for a different domain, which could allow the attacker to access sensitive information contained in the troubleshoot file.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20302 - "Cisco Secure FMC Domain Report Access Bypass"

CVE ID : CVE-2025-20302
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a generated report file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to access a previously run report for a different domain, which could allow an attacker to read activity recorded in that domain.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20306 - Cisco Secure Firewall Management Center FMC Remote Command Execution Vulnerability

CVE ID : CVE-2025-20306
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-50515 - "Empirebak Phome Code Injection Vulnerability"

CVE ID : CVE-2025-50515
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-50817 - "Python-Future Arbitrary Code Execution Vulnerability"

CVE ID : CVE-2025-50817
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-55192 - Tapo-Control GitHub Actions Code Injection Vulnerability

CVE ID : CVE-2025-55192
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impacts the GitHub Actions environment for this repository. The vulnerable workflow directly inserted user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper sanitization. A malicious GitHub user could craft an issue body that executes arbitrary commands on the GitHub Actions runner in a privileged context whenever an issue is opened. The potential impact is limited to the repository’s CI/CD environment, which could allow access to repository contents or GitHub Actions secrets. This issue has been patched via commit 2a3b80f. Workarounds involve disabling the affected workflow (issues.yml), replacing the unsafe Bash comparison with a safe quoted grep (or a pure GitHub Actions expression check), or ensuring minimal permissions in workflows (permissions: block) to reduce possible impact.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-55195 - Deno Standard Library Prototype Pollution

CVE ID : CVE-2025-55195
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : @std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-8968 - iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8968
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-8969 - iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8969
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-8970 - iSourcecode Online Tour and Travel Management System SQL Injection

CVE ID : CVE-2025-8970
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-8971 - iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8971
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument val-username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-9039 - Amazon ECS Agent Cross-Site Access Vulnerability

CVE ID : CVE-2025-9039
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. If customers cannot update to the latest AMI, they can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-9043 - Seagate Toolkit Unquoted Search Path Vulnerability

CVE ID : CVE-2025-9043
Published : Aug. 14, 2025, 5:15 p.m. | 1 hour, 28 minutes ago
Description : The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20237 - "Cisco Secure Firewall Adaptive Security Appliance and FTD Software Command Injection"

CVE ID : CVE-2025-20237
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20238 - Cisco Secure Firewall ASA/FTD Command Injection Vulnerability

CVE ID : CVE-2025-20238
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20239 - "Cisco IKEv2 Memory Leak Vulnerability"

CVE ID : CVE-2025-20239
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20243 - Cisco Secure Firewall ASA/FTD Unauthenticated Remote DoS Vulnerability

CVE ID : CVE-2025-20243
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to improper validation of user-supplied input on an interface with VPN web services. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on an affected device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20244 - Cisco Secure Firewall Adaptive Security Appliance/Threat Defense SSL VPN HTTP Header Field Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-20244
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20251 - Cisco Secure Firewall ASA/FTD Remote File Creation and Deletion Vulnerability (Authentication Bypass)

CVE ID : CVE-2025-20251
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover. This vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive. To exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20252 - Cisco Secure Firewall Adaptive Security Appliance IKEv2 Memory Leak Denial of Service

CVE ID : CVE-2025-20252
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2025-20253 - Cisco IKEv2 DoS Vulnerability

CVE ID : CVE-2025-20253
Published : Aug. 14, 2025, 5:15 p.m. | 40 minutes ago
Description : A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause an infinite loop that exhausts resources and could cause the device to reload.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 17:15:00 GMT

read more

CVE-2023-43694 - Malwarebytes Out-Of-Bounds Read Denial Of Service

CVE ID : CVE-2023-43694
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-33142 - IBM WebSphere Application Server TLS Weak Security

CVE ID : CVE-2025-33142
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-36047 - IBM WebSphere Application Server Liberty Denial of Service

CVE ID : CVE-2025-36047
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-50518 - Libcoap Use-After-Free Vulnerability

CVE ID : CVE-2025-50518
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-53631 - FlaskBlog Flask XSS Vulnerability

CVE ID : CVE-2025-53631
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post. At time of publication, there are no public patches available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-54389 - AIDE Terminal Escape Sequence Injection Vulnerability

CVE ID : CVE-2025-54389
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-54409 - "AIDE Null Pointer Dereference Vulnerability"

CVE ID : CVE-2025-54409
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-54867 - Youki Container Runtime RootFS Escalation

CVE ID : CVE-2025-54867
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-8965 - "Litemall Unrestricted File Upload Vulnerability"

CVE ID : CVE-2025-8965
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-8966 - iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8966
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-8967 - iSourcecode Online Tour and Travel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8967
Published : Aug. 14, 2025, 4:15 p.m. | 49 minutes ago
Description : A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 16:15:00 GMT

read more

CVE-2025-36612 - Dell SupportAssist Incorrect Privilege Assignment Vulnerability

CVE ID : CVE-2025-36612
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-36613 - Dell SupportAssist Incorrect Privilege Assignment Vulnerability

CVE ID : CVE-2025-36613
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-38738 - Dell SupportAssist Incorrect Privilege Assignment

CVE ID : CVE-2025-38738
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-38745 - Dell OpenManage Enterprise Log Insertion Information Exposure

CVE ID : CVE-2025-38745
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-40758 - Mendix SAML Authentication Hijacking Vulnerability

CVE ID : CVE-2025-40758
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-43983 - KuWFi CPF908-CP5 WEB LCD Device Authentication Bypass and Command Injection

CVE ID : CVE-2025-43983
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password), modify critical device settings, and send arbitrary SMS messages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-7971 - Rockwell Automation Studio 5000 Logix Designer Environment Variable Injection Vulnerability

CVE ID : CVE-2025-7971
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-7972 - Rockwell Automation FactoryTalk Linx Network Browser Node Validation Bypass

CVE ID : CVE-2025-7972
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-8875 - N-able N-central Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE ID : CVE-2025-8875
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-8876 - N-able N-central OS Command Injection

CVE ID : CVE-2025-8876
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-8962 - Hostel Management System Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8962
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-8964 - Code-Projects Hostel Management System Local Authentication Bypass

CVE ID : CVE-2025-8964
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-9041 - " Schneider Electric 5094-IF8 CIP Class 32 Inhibition Module Fault Vulnerability"

CVE ID : CVE-2025-9041
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-9042 - " Schneider Electric 5094-IY8 CIP Class 32 Module Inhibition Vulnerability"

CVE ID : CVE-2025-9042
Published : Aug. 14, 2025, 3:15 p.m. | 1 hour, 49 minutes ago
Description : A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-26484 - Dell CloudLink XML External Entity Reference Denial of Service Vulnerability

CVE ID : CVE-2025-26484
Published : Aug. 14, 2025, 3:15 p.m. | 26 minutes ago
Description : Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-27845 - ESPEC North America Web Controller Authentication Bypass

CVE ID : CVE-2025-27845
Published : Aug. 14, 2025, 3:15 p.m. | 26 minutes ago
Description : In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-27846 - ESPEC North America Web Controller Bootloader Privilege Escalation

CVE ID : CVE-2025-27846
Published : Aug. 14, 2025, 3:15 p.m. | 26 minutes ago
Description : In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2025-27847 - ESPEC North America Web Controller Authentication Privilege Escalation

CVE ID : CVE-2025-27847
Published : Aug. 14, 2025, 3:15 p.m. | 26 minutes ago
Description : In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 15:15:00 GMT

read more

CVE-2024-53945 - KuWFi 4G AC900 LTE Router Command Injection Vulnerability

CVE ID : CVE-2024-53945
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2024-53946 - KuWFi 4G LTE AC900 Router CSRF Vulnerability

CVE ID : CVE-2024-53946
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-36581 - Dell PowerEdge AMD BIOS Buffer Access Vulnerability

CVE ID : CVE-2025-36581
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-43984 - KuWFi GC111 Command Injection Vulnerability

CVE ID : CVE-2025-43984
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-55672 - Apache Superset Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-55672
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-55673 - Apache Superset Database Schema Disclosure

CVE ID : CVE-2025-55673
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-55674 - Apache Superset SQL Function Bypass Vulnerability

CVE ID : CVE-2025-55674
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-55675 - Apache Superset Unauthenticated Datasource Enumeration

CVE ID : CVE-2025-55675
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-7353 - Rockwell Automation ControlLogix Ethernet Modules Remote Code Execution Vulnerability

CVE ID : CVE-2025-7353
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-7773 - "Fortinet 5032 Web Server Predictable Session ID"

CVE ID : CVE-2025-7773
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-7774 - "Fortinet 5032 Session Credential Exposure Vulnerability"

CVE ID : CVE-2025-7774
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-7973 - Allen-Bradley FactoryTalk ViewPoint Privilege Escalation

CVE ID : CVE-2025-7973
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2025-9036 - Citrix Workspace Token Replay Vulnerability

CVE ID : CVE-2025-9036
Published : Aug. 14, 2025, 2:15 p.m. | 49 minutes ago
Description : A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 14:15:00 GMT

read more

CVE-2023-5342 - Apache Struts Remote Code Execution

CVE ID : CVE-2023-5342
Published : Aug. 14, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : Rejected reason: The original vulnerability was not valid.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 13:15:00 GMT

read more

CVE-2025-8713 - PostgreSQL View and Row Security Statistics Information Disclosure

CVE ID : CVE-2025-8713
Published : Aug. 14, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 13:15:00 GMT

read more

CVE-2025-8714 - PostgreSQL Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-8714
Published : Aug. 14, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 13:15:00 GMT

read more

CVE-2025-8715 - PostgreSQL SQL Injection

CVE ID : CVE-2025-8715
Published : Aug. 14, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 13:15:00 GMT

read more

CVE-2025-8961 - LibTIFF TIFFcrop Heap-Based Buffer Overflow

CVE ID : CVE-2025-8961
Published : Aug. 14, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 13:15:00 GMT

read more

CVE-2025-8963 - Jeecgboot JimuReport Remote Deserialization Vulnerability

CVE ID : CVE-2025-8963
Published : Aug. 14, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 13:15:00 GMT

read more

CVE-2025-8960 - Campcodes Online Flight Booking Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8960
Published : Aug. 14, 2025, 12:15 p.m. | 2 hours, 49 minutes ago
Description : A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 12:15:00 GMT

read more

CVE-2025-54705 - WpEvently Magepeopleteam Missing Authorization Vulnerability

CVE ID : CVE-2025-54705
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 49 minutes ago
Description : Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54706 - Noor Alam Magical Posts Display Cross-site Scripting (XSS)

CVE ID : CVE-2025-54706
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54707 - RealMag777 MDTF SQL Injection

CVE ID : CVE-2025-54707
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 49 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a through 1.3.3.7.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-8957 - Campcodes Online Flight Booking Management System SQL Injection

CVE ID : CVE-2025-8957
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-8958 - Tenda WiFi Stack-Based Buffer Overflow

CVE ID : CVE-2025-8958
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 49 minutes ago
Description : A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54692 - WP Swings Membership For WooCommerce Missing Authorization Vulnerability

CVE ID : CVE-2025-54692
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.9.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54693 - Epiphyt Form Block Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-54693
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.5.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54694 - bPlugins Button Block CSRF Vulnerability

CVE ID : CVE-2025-54694
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54695 - HasTech HT Mega Missing Authorization Vulnerability

CVE ID : CVE-2025-54695
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54696 - WPFunnels Cross-site Scripting (XSS)

CVE ID : CVE-2025-54696
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54697 - Ben Ritner Kadence WooCommerce Email Designer Privilege Escalation Vulnerability

CVE ID : CVE-2025-54697
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54698 - RadiusTheme Classified Listing XSS Injection

CVE ID : CVE-2025-54698
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54699 - Masteriyo LMS Cross-site Scripting

CVE ID : CVE-2025-54699
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54700 - ThemeMove Makeaholic PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-54700
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54701 - ThemeMove Unicamp PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-54701
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through 2.6.3.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54702 - Motov.net Ebook Store CSRF Vulnerability

CVE ID : CVE-2025-54702
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54703 - Prince Integrate Google Drive CSRF

CVE ID : CVE-2025-54703
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54704 - Hashthemes Easy Elementor Addons Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-54704
Published : Aug. 14, 2025, 11:15 a.m. | 3 hours, 1 minute ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54686 - Exertio Scriptsbundle Object Injection Vulnerability

CVE ID : CVE-2025-54686
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 26 minutes ago
Description : Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54687 - Crocoblock JetTabs Cross-site Scripting Vulnerability

CVE ID : CVE-2025-54687
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54688 - Crocoblock JetEngine Cross-site Scripting (XSS)

CVE ID : CVE-2025-54688
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54689 - ThemBay Urna PHP Remote File Inclusion

CVE ID : CVE-2025-54689
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 26 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through 2.5.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54690 - ThemeStek Xinterio PHP RFI Vulnerability

CVE ID : CVE-2025-54690
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 26 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through 4.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54691 - Stylemix Motors Authorization Bypass

CVE ID : CVE-2025-54691
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 26 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-54685 - Brainstorm Force SureDash Information Disclosure Vulnerability

CVE ID : CVE-2025-54685
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 1 minute ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 11:15:00 GMT

read more

CVE-2025-48860 - "CtrlX OS Backup Archive Privilege Escalation"

CVE ID : CVE-2025-48860
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-48861 - CtrlX OS Task API Remote Information Disclosure

CVE ID : CVE-2025-48861
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-48862 - CtrlX OS Unencrypted Backup File Exposure

CVE ID : CVE-2025-48862
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-54472 - Apache bRPC Redis Protocol Parser Integer Overflow Denial of Service

CVE ID : CVE-2025-54472
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limited the memory allocation size, however, the limitation checking code is not well implemented that may cause integer overflow and evade such limitation. So the 1.14.0 version is also vulnerable, although the integer range that affect version 1.14.0 is different from that affect version < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. No matter you choose which method, you should note that the patch limits the maximum length of memory allocated for each time in the bRPC Redis parser. The default limit is 64M. If some of you redis request or response have a size larger than 64M, you might encounter error after upgrade. For such case, you can modify the gflag redis_max_allocation_size to set a larger limit.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-5998 - WordPress PPWP Password Authorization Information Disclosure

CVE ID : CVE-2025-5998
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-8952 - Campcodes Online Flight Booking Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8952
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-8953 - SourceCodester COVID 19 Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8953
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-8954 - PHPGurukul Hospital Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8954
Published : Aug. 14, 2025, 9:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 09:15:00 GMT

read more

CVE-2025-27388 - Apple Safari DOM-Based Cross-Site Scripting (XSS)

CVE ID : CVE-2025-27388
Published : Aug. 14, 2025, 8:15 a.m. | 2 hours, 9 minutes ago
Description : Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 08:15:00 GMT

read more

CVE-2025-8950 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-8950
Published : Aug. 14, 2025, 8:15 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 08:15:00 GMT

read more

CVE-2025-8951 - PHPGurukul Teachers Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8951
Published : Aug. 14, 2025, 8:15 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 08:15:00 GMT

read more

CVE-2025-8947 - Projectworlds Visitor Management System SQL Injection

CVE ID : CVE-2025-8947
Published : Aug. 14, 2025, 7:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 07:15:00 GMT

read more

CVE-2025-8948 - Projectworlds Visitor Management System SQL Injection

CVE ID : CVE-2025-8948
Published : Aug. 14, 2025, 7:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 07:15:00 GMT

read more

CVE-2025-8949 - D-Link DIR-825 HTTPd Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8949
Published : Aug. 14, 2025, 7:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 07:15:00 GMT

read more

CVE-2025-3414 - WordPress Structured Content (JSON-LD) Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3414
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-6790 - Quiz and Survey Master WordPress CSRF Vulnerability

CVE ID : CVE-2025-6790
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-7808 - Shopify WP WordPress Stored Cross-Site Scripting

CVE ID : CVE-2025-7808
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-8046 - "WordPress Injection Guard Reflected Cross-Site Scripting"

CVE ID : CVE-2025-8046
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-8939 - Tenda AC20 Buffer Overflow in WifiGuestSet

CVE ID : CVE-2025-8939
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-8940 - "Tenda AC20 strcpy Buffer Overflow Vulnerability"

CVE ID : CVE-2025-8940
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-8946 - Projectworlds Online Notes Sharing Platform SQL Injection Vulnerability

CVE ID : CVE-2025-8946
Published : Aug. 14, 2025, 6:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 06:15:00 GMT

read more

CVE-2025-5942 - Netskope NS Client Windows Heap Overflow Denial-of-Service

CVE ID : CVE-2025-5942
Published : Aug. 14, 2025, 5:15 a.m. | 5 hours, 9 minutes ago
Description : Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2025-8936 - "1000 Projects Sales Management System SQL Injection"

CVE ID : CVE-2025-8936
Published : Aug. 14, 2025, 5:15 a.m. | 5 hours, 9 minutes ago
Description : A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2025-8937 - TOTOLINK N350R Command Injection Vulnerability

CVE ID : CVE-2025-8937
Published : Aug. 14, 2025, 5:15 a.m. | 5 hours, 9 minutes ago
Description : A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2025-8938 - TOTOLINK N350R Telnet Service Remote Backdoor Vulnerability

CVE ID : CVE-2025-8938
Published : Aug. 14, 2025, 5:15 a.m. | 5 hours, 9 minutes ago
Description : A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2024-7402 - Netskope Client Administrative Privilege Escalation and Configuration Tampering Vulnerability

CVE ID : CVE-2024-7402
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 26 minutes ago
Description : Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2025-0309 - Netskope Client TLS Certificate Validation Bypass Privilege Elevation Vulnerability

CVE ID : CVE-2025-0309
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 26 minutes ago
Description : An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2025-5941 - Netskope NS Client DNS Memory Leak

CVE ID : CVE-2025-5941
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 26 minutes ago
Description : Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 05:15:00 GMT

read more

CVE-2025-8934 - "1000 Projects Sales Management System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-8934
Published : Aug. 14, 2025, 4:16 a.m. | 4 hours, 26 minutes ago
Description : A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 04:16:00 GMT

read more

CVE-2025-8935 - "1000 Projects Sales Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-8935
Published : Aug. 14, 2025, 4:16 a.m. | 4 hours, 26 minutes ago
Description : A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 04:16:00 GMT

read more

CVE-2025-8933 - "1000 Projects Sales Management System Cross Site Scripting Vulnerability"

CVE ID : CVE-2025-8933
Published : Aug. 14, 2025, 4:15 a.m. | 4 hours, 26 minutes ago
Description : A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 04:15:00 GMT

read more

CVE-2025-8931 - Code-projects Medical Store Management System SQL Injection

CVE ID : CVE-2025-8931
Published : Aug. 14, 2025, 3:15 a.m. | 5 hours, 26 minutes ago
Description : A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 03:15:00 GMT

read more

CVE-2025-8932 - "1000 Projects Sales Management System SQL Injection"

CVE ID : CVE-2025-8932
Published : Aug. 14, 2025, 3:15 a.m. | 5 hours, 26 minutes ago
Description : A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 03:15:00 GMT

read more

CVE-2025-8930 - "Code-projects Medical Store Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-8930
Published : Aug. 14, 2025, 3:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 03:15:00 GMT

read more

CVE-2025-55198 - Helm Chart YAML Parsing Type Error Denial of Service

CVE ID : CVE-2025-55198
Published : Aug. 14, 2025, 12:15 a.m. | 8 hours, 7 minutes ago
Description : Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 00:15:00 GMT

read more

CVE-2025-55199 - Helm Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-55199
Published : Aug. 14, 2025, 12:15 a.m. | 8 hours, 7 minutes ago
Description : Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 14 Aug 2025 00:15:00 GMT

read more

CVE-2025-55194 - Part-DB Persistent File Extension Denial of Service

CVE ID : CVE-2025-55194
Published : Aug. 13, 2025, 11:15 p.m. | 7 hours, 26 minutes ago
Description : Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that user’s profile. This makes the profile permanently inaccessible via the UI for both users and administrators, constituting a Denial of Service (DoS) within the user management interface. This issue has been patched in version 1.17.3.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 23:15:00 GMT

read more

CVE-2025-55196 - Kubernetes External Secrets Operator Namespace Bypass Vulnerability

CVE ID : CVE-2025-55196
Published : Aug. 13, 2025, 11:15 p.m. | 7 hours, 26 minutes ago
Description : External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read secrets/secret-stores across the cluster, bypassing intended namespace restrictions. An attacker with the ability to create or update PushSecret resources and control SecretStore configurations could exploit this vulnerability to exfiltrate sensitive data from arbitrary namespaces. This could lead to full disclosure of Kubernetes secrets, including credentials, tokens, and other sensitive information stored in the cluster. This vulnerability has been patched in version 0.19.2. A workaround for this issue includes auditing and restricting RBAC permissions so that only trusted service accounts can create or update PushSecret and SecretStore resources.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 23:15:00 GMT

read more

CVE-2025-55197 - PyPDF FlateDecode Filter Exhaustion Denial of Service

CVE ID : CVE-2025-55197
Published : Aug. 13, 2025, 11:15 p.m. | 7 hours, 26 minutes ago
Description : pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 23:15:00 GMT

read more

CVE-2025-55193 - Ruby on Rails ANSI Sequence Injection Vulnerability

CVE ID : CVE-2025-55193
Published : Aug. 13, 2025, 11:15 p.m. | 7 hours, 2 minutes ago
Description : Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 23:15:00 GMT

read more

CVE-2025-8928 - Code-projects Medical Store Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8928
Published : Aug. 13, 2025, 10:15 p.m. | 8 hours, 2 minutes ago
Description : A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 22:15:00 GMT

read more

CVE-2025-8929 - Code-projects Medical Store Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8929
Published : Aug. 13, 2025, 10:15 p.m. | 8 hours, 1 minute ago
Description : A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 22:15:00 GMT

read more

CVE-2012-10058 - RabidHamster Web Server Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2012-10058
Published : Aug. 13, 2025, 9:15 p.m. | 9 hours, 1 minute ago
Description : RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2012-10059 - Dolibarr ERP/CRM OS Command Injection Vulnerability

CVE ID : CVE-2012-10059
Published : Aug. 13, 2025, 9:15 p.m. | 9 hours, 1 minute ago
Description : Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2012-10060 - Sysax Multi Server SSH Stack Buffer Overflow

CVE ID : CVE-2012-10060
Published : Aug. 13, 2025, 9:15 p.m. | 9 hours, 1 minute ago
Description : Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2025-34154 - UnForm Server Manager Unauthenticated File Read Vulnerability

CVE ID : CVE-2025-34154
Published : Aug. 13, 2025, 9:15 p.m. | 9 hours, 1 minute ago
Description : UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system — including sensitive OS-level files — without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10014 - GTA San Andreas Multiplayer (SA-MP) Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2011-10014
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10015 - Cytel Studio Buffer Overflow Vulnerability

CVE ID : CVE-2011-10015
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10016 - RealNetworks Netzip Classic Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2011-10016
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10017 - Snort Nmap PHP Remote Command Execution Vulnerability

CVE ID : CVE-2011-10017
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10018 - MyBB Unauthorized Remote Code Execution Backdoor

CVE ID : CVE-2011-10018
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10019 - Spreecommerce Remote Command Execution Vulnerability

CVE ID : CVE-2011-10019
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2012-10054 - Umbraco CMS Remote Code Execution Vulnerability

CVE ID : CVE-2012-10054
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2012-10055 - F-Secure ComSndFTP Format String Vulnerability

CVE ID : CVE-2012-10055
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2012-10056 - Apache Volunteer Management System Remote File Upload Vulnerability

CVE ID : CVE-2012-10056
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2012-10057 - Lattice Semiconductor ispVM Buffer Overflow Vulnerability

CVE ID : CVE-2012-10057
Published : Aug. 13, 2025, 9:15 p.m. | 7 hours, 7 minutes ago
Description : Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10011 - WeBid Remote Code Injection Vulnerability

CVE ID : CVE-2011-10011
Published : Aug. 13, 2025, 9:15 p.m. | 5 hours, 26 minutes ago
Description : WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10012 - Impero Software NetOp Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2011-10012
Published : Aug. 13, 2025, 9:15 p.m. | 5 hours, 26 minutes ago
Description : NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10013 - Traq Remote Code Execution Vulnerability

CVE ID : CVE-2011-10013
Published : Aug. 13, 2025, 9:15 p.m. | 5 hours, 26 minutes ago
Description : Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10009 - Apache S40 CMS Path Traversal Vulnerability

CVE ID : CVE-2011-10009
Published : Aug. 13, 2025, 9:15 p.m. | 1 hour, 6 minutes ago
Description : S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2011-10010 - QuickShare File Server FTP Path Traversal Vulnerability

CVE ID : CVE-2011-10010
Published : Aug. 13, 2025, 9:15 p.m. | 1 hour, 6 minutes ago
Description : QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 21:15:00 GMT

read more

CVE-2025-43982 - Tuoshi NR500-EA SSH Default Credential Vulnerability

CVE ID : CVE-2025-43982
Published : Aug. 13, 2025, 8:15 p.m. | 2 hours, 6 minutes ago
Description : Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 20:15:00 GMT

read more

CVE-2025-43986 - KuWFi GC111 Telnet Authentication Bypass

CVE ID : CVE-2025-43986
Published : Aug. 13, 2025, 8:15 p.m. | 2 hours, 6 minutes ago
Description : An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 20:15:00 GMT

read more

CVE-2025-43988 - KuWFi 5G01-X55 RCE through Unauthenticated API Endpoint

CVE ID : CVE-2025-43988
Published : Aug. 13, 2025, 8:15 p.m. | 2 hours, 6 minutes ago
Description : KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 20:15:00 GMT

read more

CVE-2025-8926 - SourceCodester COVID 19 Testing Management System SQL Injection

CVE ID : CVE-2025-8926
Published : Aug. 13, 2025, 8:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 20:15:00 GMT

read more

CVE-2025-8927 - Mtons MBlog Authentication Bypass Vulnerability

CVE ID : CVE-2025-8927
Published : Aug. 13, 2025, 8:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 20:15:00 GMT

read more

CVE-2025-8925 - iSourcecode Sports Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8925
Published : Aug. 13, 2025, 7:15 p.m. | 3 hours, 6 minutes ago
Description : A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 19:15:00 GMT

read more

CVE-2025-43989 - Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC Command Injection Vulnerability

CVE ID : CVE-2025-43989
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie (bypassing normal session checks), an unauthenticated attacker can use that parameter to execute arbitrary OS commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 19:15:00 GMT

read more

CVE-2025-45313 - Hortusfox Web XSS

CVE ID : CVE-2025-45313
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 19:15:00 GMT

read more

CVE-2025-8922 - Job Diary SQL Injection Vulnerability

CVE ID : CVE-2025-8922
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 19:15:00 GMT

read more

CVE-2025-8923 - Code-Projects Job Diary SQL Injection Vulnerability

CVE ID : CVE-2025-8923
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 19:15:00 GMT

read more

CVE-2025-8924 - Campcodes Online Water Billing System SQL Injection

CVE ID : CVE-2025-8924
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 26 minutes ago
Description : A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 19:15:00 GMT

read more

CVE-2025-50615 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50615
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-50616 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50616
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_advanced_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-50617 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50617
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wps_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-50946 - Olivetin Command Injection Vulnerability

CVE ID : CVE-2025-50946
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-5819 - GitLab CE/EE Authentication Bypass

CVE ID : CVE-2025-5819
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-6186 - GitLab Cross-Site Scripting (XSS)

CVE ID : CVE-2025-6186
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-7734 - GitLab Cross-Site Scripting (XSS)

CVE ID : CVE-2025-7734
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-7739 - GitLab CE/EE Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7739
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-8754 - ABB AbilityTM zenon Missing Authentication for Critical Function

CVE ID : CVE-2025-8754
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-8770 - GitLab EE Authentication Bypass Vulnerability

CVE ID : CVE-2025-8770
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-8904 - Amazon EMR Kerberos Keytab File Disclosure

CVE ID : CVE-2025-8904
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-8919 - Portabilis i-Diario Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8919
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-8920 - Portabilis i-Diario Dicionário de Termos BNCC Page Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8920
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-8921 - Code-Projects Job Diary SQL Injection Vulnerability

CVE ID : CVE-2025-8921
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 26 minutes ago
Description : A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-2937 - GitLab Markdown Wiki Denial of Service Vulnerability

CVE ID : CVE-2025-2937
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 8 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-45314 - Hortusfox Web Calendar XSS

CVE ID : CVE-2025-45314
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 8 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-45315 - Hortusfox Web XSS

CVE ID : CVE-2025-45315
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 8 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-45316 - Hortusfox Web TextBlockModule XSS

CVE ID : CVE-2025-45316
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 8 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-45317 - Hortusfox-web Zip Slip Vulnerability

CVE ID : CVE-2025-45317
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 8 minutes ago
Description : A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-23303 - NVIDIA NeMo Framework Remote Code Execution (RCE)

CVE ID : CVE-2025-23303
Published : Aug. 13, 2025, 6:15 p.m. | 1 hour, 2 minutes ago
Description : NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-23304 - NVIDIA NeMo Code Injection Vulnerability

CVE ID : CVE-2025-23304
Published : Aug. 13, 2025, 6:15 p.m. | 1 hour, 2 minutes ago
Description : NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-23305 - NVIDIA Megatron-LM Code Injection Vulnerability

CVE ID : CVE-2025-23305
Published : Aug. 13, 2025, 6:15 p.m. | 1 hour, 2 minutes ago
Description : NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-23306 - NVIDIA Megatron-LM Code Injection Vulnerability

CVE ID : CVE-2025-23306
Published : Aug. 13, 2025, 6:15 p.m. | 1 hour, 2 minutes ago
Description : NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-2498 - "Gitlab EE Improper Access Control Vulnerability"

CVE ID : CVE-2025-2498
Published : Aug. 13, 2025, 6:15 p.m. | 1 hour, 2 minutes ago
Description : An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-2614 - GitLab CE/EE Resource Exhaustion Denial of Service

CVE ID : CVE-2025-2614
Published : Aug. 13, 2025, 6:15 p.m. | 1 hour, 2 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 18:15:00 GMT

read more

CVE-2025-2180 - Palo Alto Networks Checkov by Prisma Cloud Deserialization Vulnerability

CVE ID : CVE-2025-2180
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-2181 - Palo Alto Networks Checkov Prisma Cloud Sensitive Information Disclosure

CVE ID : CVE-2025-2181
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-2182 - Palo Alto Networks PAN-OS MACsec CAK Exposure

CVE ID : CVE-2025-2182
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-2183 - Palo Alto Networks GlobalProtect Certificate Validation Bypass

CVE ID : CVE-2025-2183
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-2184 - Palo Alto Networks Cortex XDR Broker VM Default Credential Sharing Vulnerability

CVE ID : CVE-2025-2184
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-34153 - Hyland OnBase .NET Remoting RCE via Insecure Deserialization

CVE ID : CVE-2025-34153
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-50594 - Danphe Health Hospital Management System EMR Password Reset Vulnerability

CVE ID : CVE-2025-50594
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-51451 - TOTOLINK EX1200T Authentication Bypass

CVE ID : CVE-2025-51451
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-52385 - "Studio 3T Remote Code Execution Vulnerability"

CVE ID : CVE-2025-52385
Published : Aug. 13, 2025, 5:15 p.m. | 1 hour, 1 minute ago
Description : An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 17:15:00 GMT

read more

CVE-2025-50608 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50608
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-50609 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50609
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of specify_parame in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-50610 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50610
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-50611 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50611
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-50612 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50612
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-50613 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50613
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-50614 - Netis WF2880 Buffer Overflow Vulnerability

CVE ID : CVE-2025-50614
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-51452 - TOTOLINK A7000R Authentication Bypass Vulnerability

CVE ID : CVE-2025-51452
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-8918 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8918
Published : Aug. 13, 2025, 4:15 p.m. | 2 hours, 1 minute ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 16:15:00 GMT

read more

CVE-2025-51691 - MarkTwo XSS Attack Vector

CVE ID : CVE-2025-51691
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before rendering it. Successful exploitation could lead to session hijacking, credential theft, or arbitrary client-side code execution in the context of the victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-52585 - BIG-IP LTM Anonymous Diffie-Hellman Denial of Service

CVE ID : CVE-2025-52585
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-53859 - NGINX SMTP Module Information Leak

CVE ID : CVE-2025-53859
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-54500 - Apache HTTP/2 Denial-of-Service Vulnerability

CVE ID : CVE-2025-54500
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-54809 - F5 Access for Android SSL/TLS Man-in-the-Middle (MitM) Vulnerability

CVE ID : CVE-2025-54809
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-55163 - Netty HTTP/2 MadeYouReset DDoS Vulnerability

CVE ID : CVE-2025-55163
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-8941 - Linux-Pam Symlink Privilege Escalation Vulnerability

CVE ID : CVE-2025-8941
Published : Aug. 13, 2025, 3:15 p.m. | 3 hours, 1 minute ago
Description : A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-46405 - BIG-IP APM Traffic Management Microkernel Denial of Service

CVE ID : CVE-2025-46405
Published : Aug. 13, 2025, 3:15 p.m. | 1 hour, 25 minutes ago
Description : When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-48500 - F5 VPN MacOS Browser Client File Integrity Check Bypass

CVE ID : CVE-2025-48500
Published : Aug. 13, 2025, 3:15 p.m. | 1 hour, 25 minutes ago
Description : A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-50251 - Makeplane Plane SSRF Vulnerability

CVE ID : CVE-2025-50251
Published : Aug. 13, 2025, 3:15 p.m. | 1 hour, 25 minutes ago
Description : Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-50635 - Netis WF2780 Null Pointer Dereference DoS Vulnerability

CVE ID : CVE-2025-50635
Published : Aug. 13, 2025, 3:15 p.m. | 1 hour, 25 minutes ago
Description : A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-50690 - OSGeo SpatialReference.org Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-50690
Published : Aug. 13, 2025, 3:15 p.m. | 1 hour, 25 minutes ago
Description : A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a specially formed URL with malicious JavaScript code, which is then reflected back and executed in the victim's browser. This flaw allows an attacker to execute arbitrary JavaScript in the context of the victim's session, potentially leading to session hijacking, phishing attacks, data theft, or redirection to malicious sites. The issue is exposed on publicly accessible pages, making it exploitable by an unauthenticated attacker.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 15:15:00 GMT

read more

CVE-2025-55005 - ImageMagick Logmap Buffer Overflow Vulnerability

CVE ID : CVE-2025-55005
Published : Aug. 13, 2025, 2:15 p.m. | 2 hours, 25 minutes ago
Description : ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-55154 - ImageMagick Stack-Based Buffer Overflow

CVE ID : CVE-2025-55154
Published : Aug. 13, 2025, 2:15 p.m. | 2 hours, 25 minutes ago
Description : ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-55160 - ImageMagick Denial of Service (DoS) Function-Type Mismatch Vulnerability

CVE ID : CVE-2025-55160
Published : Aug. 13, 2025, 2:15 p.m. | 2 hours, 25 minutes ago
Description : ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-55668 - Apache Tomcat Session Fixation

CVE ID : CVE-2025-55668
Published : Aug. 13, 2025, 2:15 p.m. | 2 hours, 25 minutes ago
Description : Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-32451 - Foxit Reader Uninitialized Pointer Memory Corruption Vulnerability

CVE ID : CVE-2025-32451
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-52386 - "CycloneDX Sunshine Formula Injection Vulnerability"

CVE ID : CVE-2025-52386
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-52392 - Soosyze CMS Unrestricted Brute-Force Login Attack Vulnerability

CVE ID : CVE-2025-52392
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-54074 - Cherry Studio OS Command Injection Vulnerability

CVE ID : CVE-2025-54074
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-54382 - Cherry Studio Cherry Picker Remote Code Execution

CVE ID : CVE-2025-54382
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-54791 - OMERO.web Information Disclosure Vulnerability

CVE ID : CVE-2025-54791
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-55004 - ImageMagick Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-55004
Published : Aug. 13, 2025, 2:15 p.m. | 47 minutes ago
Description : ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 14:15:00 GMT

read more

CVE-2025-48989 - Apache Tomcat Reset Attack Vulnerability

CVE ID : CVE-2025-48989
Published : Aug. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 13:15:00 GMT

read more

CVE-2025-8671 - Apache HTTP/2 Denial-of-Service Vulnerability

CVE ID : CVE-2025-8671
Published : Aug. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 13:15:00 GMT

read more

CVE-2025-8907 - H3C M2 NAS Webserver Configuration Privilege Escalation Vulnerability

CVE ID : CVE-2025-8907
Published : Aug. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services". This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 13:15:00 GMT

read more

CVE-2025-8908 - Shanghai Lingdang Information Technology Lingdang CRM SQL Injection

CVE ID : CVE-2025-8908
Published : Aug. 13, 2025, 1:15 p.m. | 1 hour, 47 minutes ago
Description : A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.6.5 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 13:15:00 GMT

read more

CVE-2025-54464 - ZKTeco WL20 Unencrypted Credentials Storage

CVE ID : CVE-2025-54464
Published : Aug. 13, 2025, 12:15 p.m. | 2 hours, 47 minutes ago
Description : This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 12:15:00 GMT

read more

CVE-2025-54465 - ZKTeco WL20 Hard-Coded MQTT Credentials Disclosure

CVE ID : CVE-2025-54465
Published : Aug. 13, 2025, 12:15 p.m. | 2 hours, 47 minutes ago
Description : This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 12:15:00 GMT

read more

CVE-2025-55279 - ZKTeco WL20 Hard-Coded Private Key Vulnerability

CVE ID : CVE-2025-55279
Published : Aug. 13, 2025, 12:15 p.m. | 2 hours, 47 minutes ago
Description : This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform unauthorized decryption of sensitive data and Man-in-the-Middle (MitM) attacks on the targeted device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 12:15:00 GMT

read more

CVE-2025-55280 - ZKTeco WL20 PlainText Data Exposure Vulnerability

CVE ID : CVE-2025-55280
Published : Aug. 13, 2025, 12:15 p.m. | 2 hours, 47 minutes ago
Description : This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 12:15:00 GMT

read more

Violation de données personnelles Bouygues Telecom

undefined

Wed, 13 Aug 2025 10:18:00 GMT

read more

CVE-2025-8912 - WellChoose Organization Portal System Arbitrary File Reading Vulnerability

CVE ID : CVE-2025-8912
Published : Aug. 13, 2025, 10:15 a.m. | 4 hours, 47 minutes ago
Description : Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 10:15:00 GMT

read more

CVE-2025-8913 - WellChoose Organization Portal System Local File Inclusion Vulnerability

CVE ID : CVE-2025-8913
Published : Aug. 13, 2025, 10:15 a.m. | 4 hours, 47 minutes ago
Description : Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 10:15:00 GMT

read more

CVE-2025-8914 - WellChoose Organization Portal System SQL Injection

CVE ID : CVE-2025-8914
Published : Aug. 13, 2025, 10:15 a.m. | 4 hours, 47 minutes ago
Description : Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 10:15:00 GMT

read more

CVE-2025-8916 - Bouncy Castle for Java Excessive Allocation Memory Vulnerability

CVE ID : CVE-2025-8916
Published : Aug. 13, 2025, 10:15 a.m. | 4 hours, 47 minutes ago
Description : Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java . This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 10:15:00 GMT

read more

Violation de données personnelles de lrsquo;opérateur Bouygues Telecom : situation, risques et recommandations

L’opérateur de télécommunications Bouygues Telecom a été victime d’une attaque informatique qui a conduit à la violation de données à caractère personnel de certains de ses clients Grand Public dont une partie détenant un numéro SIREN. Il est à noter que les clients de la…

Wed, 13 Aug 2025 10:13:00 GMT

read more

CVE-2025-8910 - WellChoose Organization Portal System Reflected Cross-site Scripting Vulnerability

CVE ID : CVE-2025-8910
Published : Aug. 13, 2025, 9:15 a.m. | 5 hours, 47 minutes ago
Description : Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 09:15:00 GMT

read more

CVE-2025-8911 - WellChoose Organization Portal System Reflected Cross-site Scripting Vulnerability

CVE ID : CVE-2025-8911
Published : Aug. 13, 2025, 9:15 a.m. | 5 hours, 47 minutes ago
Description : Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 09:15:00 GMT

read more

CVE-2025-55345 - Codex Symlink File Overwrite RCE

CVE ID : CVE-2025-55345
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 25 minutes ago
Description : Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 09:15:00 GMT

read more

CVE-2025-8909 - WellChoose Organization Portal System Arbitrary File Reading Vulnerability

CVE ID : CVE-2025-8909
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 25 minutes ago
Description : Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 09:15:00 GMT

read more

CVE-2025-6184 - Tutor LMS Pro WordPress SQL Injection Vulnerability

CVE ID : CVE-2025-6184
Published : Aug. 13, 2025, 7:15 a.m. | 5 hours, 25 minutes ago
Description : The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 07:15:00 GMT

read more

CVE-2025-8760 - INSTAR fcgi_server Buffer Overflow Vulnerability

CVE ID : CVE-2025-8760
Published : Aug. 13, 2025, 7:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 07:15:00 GMT

read more

CVE-2025-8761 - INSTAR Denial of Service Vulnerability in Backend IPC Server

CVE ID : CVE-2025-8761
Published : Aug. 13, 2025, 7:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 07:15:00 GMT

read more

CVE-2025-8762 - INSTAR UART Interface Physical Access Control Bypass

CVE ID : CVE-2025-8762
Published : Aug. 13, 2025, 7:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 07:15:00 GMT

read more

CVE-2025-6715 - LatePoint WordPress Local File Inclusion Vulnerability

CVE ID : CVE-2025-6715
Published : Aug. 13, 2025, 6:15 a.m. | 6 hours, 25 minutes ago
Description : The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 06:15:00 GMT

read more

CVE-2025-7384 - "Elementor Forms PHP Object Injection Vulnerability"

CVE ID : CVE-2025-7384
Published : Aug. 13, 2025, 5:15 a.m. | 7 hours, 25 minutes ago
Description : The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 05:15:00 GMT

read more

CVE-2025-0818 - elFinder WordPress Plugin Directory Traversal Vulnerability

CVE ID : CVE-2025-0818
Published : Aug. 13, 2025, 4:16 a.m. | 8 hours, 24 minutes ago
Description : Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 04:16:00 GMT

read more

CVE-2025-8491 - Easy Restaurant Menu Manager for WordPress CSRF

CVE ID : CVE-2025-8491
Published : Aug. 13, 2025, 4:16 a.m. | 8 hours, 24 minutes ago
Description : The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 04:16:00 GMT

read more

CVE-2025-8891 - OceanWP Cross-Site Request Forgery (CSRF)

CVE ID : CVE-2025-8891
Published : Aug. 13, 2025, 4:16 a.m. | 8 hours, 24 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 04:16:00 GMT

read more

CVE-2025-8880 - Google Chrome V8 Race Condition Execution of Arbitrary Code

CVE ID : CVE-2025-8880
Published : Aug. 13, 2025, 3:15 a.m. | 9 hours, 25 minutes ago
Description : Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 03:15:00 GMT

read more

CVE-2025-8881 - Google Chrome File Picker Cross-Origin Data Leak

CVE ID : CVE-2025-8881
Published : Aug. 13, 2025, 3:15 a.m. | 9 hours, 25 minutes ago
Description : Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 03:15:00 GMT

read more

CVE-2025-8882 - Google Chrome Aura Use-After-Free Vulnerability

CVE ID : CVE-2025-8882
Published : Aug. 13, 2025, 3:15 a.m. | 9 hours, 25 minutes ago
Description : Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 03:15:00 GMT

read more

CVE-2025-8901 - Google Chrome ANGLE Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2025-8901
Published : Aug. 13, 2025, 3:15 a.m. | 9 hours, 25 minutes ago
Description : Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 03:15:00 GMT

read more

CVE-2025-4410 - Cisco SetupUtility Buffer Overflow Vulnerability

CVE ID : CVE-2025-4410
Published : Aug. 13, 2025, 3:15 a.m. | 9 hours, 6 minutes ago
Description : A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 03:15:00 GMT

read more

CVE-2025-8879 - Google Chrome Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-8879
Published : Aug. 13, 2025, 3:15 a.m. | 9 hours, 6 minutes ago
Description : Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 03:15:00 GMT

read more

CVE-2025-4276 - Intel UsbCoreDxe SMM Arbitrary Code Execution

CVE ID : CVE-2025-4276
Published : Aug. 13, 2025, 2:15 a.m. | 10 hours, 6 minutes ago
Description : UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 02:15:00 GMT

read more

CVE-2025-4277 - Intel Tcg2Smm SMM Execute Code Arbitrary Memory Write

CVE ID : CVE-2025-4277
Published : Aug. 13, 2025, 2:15 a.m. | 10 hours, 6 minutes ago
Description : Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 13 Aug 2025 02:15:00 GMT

read more

Fuite de données chez France Link Interactive

ransomware

Wed Aug 13 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

Fuite de données chez Partner Immo

ransomware

Wed Aug 13 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

Fuite de données chez Google

2,25 millions

Wed Aug 13 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-54232 - Adobe Framemaker Use After Free Vulnerability

CVE ID : CVE-2025-54232
Published : Aug. 12, 2025, 11:15 p.m. | 10 hours, 24 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-54233 - Adobe Framemaker Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-54233
Published : Aug. 12, 2025, 11:15 p.m. | 10 hours, 24 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-54238 - Dimension Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-54238
Published : Aug. 12, 2025, 11:15 p.m. | 10 hours, 24 minutes ago
Description : Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-8395 - "CVE-xxxx: Apache Struts SQL Injection Vulnerability"

CVE ID : CVE-2025-8395
Published : Aug. 12, 2025, 11:15 p.m. | 10 hours, 24 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-49457 - Zoom Untrusted Search Path Privilege Escalation Vulnerability

CVE ID : CVE-2025-49457
Published : Aug. 12, 2025, 11:15 p.m. | 9 hours, 25 minutes ago
Description : Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-54229 - Adobe Framemaker Use After Free Vulnerability

CVE ID : CVE-2025-54229
Published : Aug. 12, 2025, 11:15 p.m. | 9 hours, 25 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-54230 - Adobe Framemaker Use-After-Free Vulnerability

CVE ID : CVE-2025-54230
Published : Aug. 12, 2025, 11:15 p.m. | 9 hours, 25 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-54231 - Adobe Framemaker Use After Free Vulnerability

CVE ID : CVE-2025-54231
Published : Aug. 12, 2025, 11:15 p.m. | 9 hours, 25 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-49456 - Zoom Windows Installer Race Condition Vulnerability

CVE ID : CVE-2025-49456
Published : Aug. 12, 2025, 11:15 p.m. | 7 hours, 25 minutes ago
Description : Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 23:15:00 GMT

read more

CVE-2025-54222 - Substance3D Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-54222
Published : Aug. 12, 2025, 10:15 p.m. | 8 hours, 25 minutes ago
Description : Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 22:15:00 GMT

read more

CVE-2025-55170 - WeGIA Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-55170
Published : Aug. 12, 2025, 9:15 p.m. | 9 hours, 25 minutes ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-55171 - WeGIA Unauthenticated File Deletion Vulnerability

CVE ID : CVE-2025-55171
Published : Aug. 12, 2025, 9:15 p.m. | 9 hours, 25 minutes ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any Image files at endpoint /html/personalizacao_remover.php by defining imagem_0 as image id to delete. This issue has been patched in version 3.4.8.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-55165 - Autocaliweb API Key Exposure

CVE ID : CVE-2025-55165
Published : Aug. 12, 2025, 9:15 p.m. | 9 hours, 6 minutes ago
Description : Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54235 - Substance3D Modeler Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-54235
Published : Aug. 12, 2025, 9:15 p.m. | 7 hours, 25 minutes ago
Description : Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54226 - Adobe InDesign Use After Free Vulnerability

CVE ID : CVE-2025-54226
Published : Aug. 12, 2025, 9:15 p.m. | 7 hours, 6 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54227 - Adobe InDesign Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-54227
Published : Aug. 12, 2025, 9:15 p.m. | 7 hours, 6 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54228 - Adobe InDesign Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-54228
Published : Aug. 12, 2025, 9:15 p.m. | 7 hours, 6 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54219 - Adobe InCopy Heap-based Buffer Overflow Arbitrary Code Execution

CVE ID : CVE-2025-54219
Published : Aug. 12, 2025, 9:15 p.m. | 5 hours, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54220 - Adobe InCopy Heap-based Buffer Overflow Arbitrary Code Execution

CVE ID : CVE-2025-54220
Published : Aug. 12, 2025, 9:15 p.m. | 5 hours, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54221 - Adobe InCopy Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-54221
Published : Aug. 12, 2025, 9:15 p.m. | 5 hours, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54223 - Adobe InCopy Use After Free Vulnerability

CVE ID : CVE-2025-54223
Published : Aug. 12, 2025, 9:15 p.m. | 5 hours, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54224 - Adobe InDesign Use After Free Vulnerability

CVE ID : CVE-2025-54224
Published : Aug. 12, 2025, 9:15 p.m. | 5 hours, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54225 - Adobe InDesign Use After Free Vulnerability (Arbitrary Code Execution)

CVE ID : CVE-2025-54225
Published : Aug. 12, 2025, 9:15 p.m. | 5 hours, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54217 - Adobe InCopy Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-54217
Published : Aug. 12, 2025, 9:15 p.m. | 3 hours, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54218 - Adobe InCopy Out-of-Bounds Write Arbitrary Code Execution

CVE ID : CVE-2025-54218
Published : Aug. 12, 2025, 9:15 p.m. | 3 hours, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54208 - Adobe InDesign Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-54208
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54209 - Adobe InDesign Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-54209
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54210 - Adobe InDesign Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-54210
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54211 - Adobe InDesign Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-54211
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54212 - Adobe InDesign Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-54212
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54213 - Adobe InDesign Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-54213
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54214 - Adobe InDesign Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-54214
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54215 - Adobe InCopy Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-54215
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54216 - Adobe InCopy Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-54216
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 24 minutes ago
Description : InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2025-54207 - Adobe InDesign Uninitialized Pointer Code Execution Vulnerability

CVE ID : CVE-2025-54207
Published : 12 de agosto de 2025 a las 21:15 | 1 hora ago
Description : InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 21:15:00 GMT

read more

CVE-2023-45584 - Fortinet FortiOS Double Free Vulnerability

CVE ID : CVE-2023-45584
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2024-26009 - Fortinet FortiOS Authentication Bypass via FGFM Requests

CVE ID : CVE-2024-26009
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2024-40588 - Fortinet FortiMail, FortiVoice, FortiRecorder, FortiCamera, FortiNDR Path Traversal Vulnerability

CVE ID : CVE-2024-40588
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2024-48892 - FortiSOAR Relative Path Traversal Vulnerability

CVE ID : CVE-2024-48892
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2024-52964 - Fortinet FortiManager Path Traversal Vulnerability

CVE ID : CVE-2024-52964
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-25248 - FortiOS Integer Overflow in SSL-VPN Bookmarks

CVE ID : CVE-2025-25248
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-25256 - Fortinet FortiSIEM OS Command Injection

CVE ID : CVE-2025-25256
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-27759 - Fortinet FortiWeb OS Command Injection

CVE ID : CVE-2025-27759
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-32766 - Fortinet FortiWeb Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-32766
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-32932 - FortiSOAR XSS

CVE ID : CVE-2025-32932
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-36124 - IBM WebSphere Application Server Liberty JMS Message Injection Vulnerability

CVE ID : CVE-2025-36124
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-43734 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-43734
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the “first display label” field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-47857 - Fortinet FortiWeb OS Command Injection

CVE ID : CVE-2025-47857
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-49813 - Fortinet FortiADC OS Command Injection

CVE ID : CVE-2025-49813
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-52970 - Fortinet FortiWeb Unauthenticated Privilege Escalation Vulnerability

CVE ID : CVE-2025-52970
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-53744 - FortiOS Security Fabric Privilege Escalation Vulnerability

CVE ID : CVE-2025-53744
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-55168 - WeGIA SQL Injection Vulnerability

CVE ID : CVE-2025-55168
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-55169 - WeGIA Path Traversal Vulnerability

CVE ID : CVE-2025-55169
Published : Aug. 12, 2025, 7:15 p.m. | 1 hour, 3 minutes ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 19:15:00 GMT

read more

CVE-2025-53779 - Microsoft Windows Kerberos Path Traversal Privilege Escalation

CVE ID : CVE-2025-53779
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53781 - Azure Virtual Machines Information Exposure Vulnerability

CVE ID : CVE-2025-53781
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53783 - Microsoft Teams Heap Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-53783
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53784 - Microsoft Office Word Use After Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-53784
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53788 - Windows Subsystem for Linux TOCTOU Privilege Escalation

CVE ID : CVE-2025-53788
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53789 - Windows StateRepository API Local Privilege Escalation

CVE ID : CVE-2025-53789
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53793 - Azure Stack Authentication Bypass

CVE ID : CVE-2025-53793
Published : Aug. 12, 2025, 6:15 p.m. | 2 hours, 2 minutes ago
Description : Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53733 - Microsoft Office Word Integer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-53733
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53734 - Microsoft Office Visio Use-After-Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-53734
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53735 - Microsoft Office Excel Use-After-Free Vulnerability

CVE ID : CVE-2025-53735
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53736 - Microsoft Office Word Buffer Over-Read Information Disclosure

CVE ID : CVE-2025-53736
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53737 - Microsoft Office Excel Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-53737
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53738 - Microsoft Office Word Use After Free Code Execution Vulnerability

CVE ID : CVE-2025-53738
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53739 - Microsoft Office Excel Type Confusion Code Execution Vulnerability

CVE ID : CVE-2025-53739
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53740 - Microsoft Office Use-After-Free Code Execution Vulnerability

CVE ID : CVE-2025-53740
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53741 - Microsoft Office Excel Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-53741
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53759 - Microsoft Office Excel Uninitialized Resource Code Execution Vulnerability

CVE ID : CVE-2025-53759
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53760 - Microsoft Office SharePoint SSRF

CVE ID : CVE-2025-53760
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53761 - Microsoft Office PowerPoint Use-After-Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-53761
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53765 - Azure Stack Information Disclosure Vulnerability

CVE ID : CVE-2025-53765
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53766 - Windows GDI+ Heap-based Buffer Overflow

CVE ID : CVE-2025-53766
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53769 - Windows Security App Path Traversal Vulnerability

CVE ID : CVE-2025-53769
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53772 - Web Deploy Untrusted Data Deserialization Code Execution Vulnerability

CVE ID : CVE-2025-53772
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53773 - GitHub Copilot Command Injection Vulnerability

CVE ID : CVE-2025-53773
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-53778 - Microsoft Windows NTLM Privilege Escalation

CVE ID : CVE-2025-53778
Published : Aug. 12, 2025, 6:15 p.m. | 23 minutes ago
Description : Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 18:15:00 GMT

read more

CVE-2025-24835 - Intel Arc B-Series Graphics Denial of Service Vulnerability

CVE ID : CVE-2025-24835
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-24840 - Intel Tiber Edge Platform Privilege Escalation Vulnerability

CVE ID : CVE-2025-24840
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-24921 - Intel Tiber Edge Orchestrator Improper Neutralization Information Disclosure

CVE ID : CVE-2025-24921
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-24923 - "Intel AI for Enterprise Retrieval-augmented Generation Uncontrolled Search Path Vulnerability (EoP)"

CVE ID : CVE-2025-24923
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-25273 - Intel 700 Series Ethernet Kernel Mode Driver Control Flow Vulnerability

CVE ID : CVE-2025-25273
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-26403 - Intel Xeon SGX/TDX OOB Write Privilege Escalation

CVE ID : CVE-2025-26403
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-26404 - Intel DSA Uncontrolled Search Path Privilege Escalation

CVE ID : CVE-2025-26404
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-26470 - Intel Distribution for Python Unprivileged Privilege Escalation

CVE ID : CVE-2025-26470
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-26472 - Intel Tiber Edge Platform Denial of Service

CVE ID : CVE-2025-26472
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-26697 - Intel 700 Series Ethernet Unauthenticated Denial of Service

CVE ID : CVE-2025-26697
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-26863 - Intel 700 Series Ethernet Denial of Service

CVE ID : CVE-2025-26863
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-27250 - Intel Tiber Edge Platform Denial of Service

CVE ID : CVE-2025-27250
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-27537 - Intel Tiber Edge Platform Privilege Escalation Vulnerability

CVE ID : CVE-2025-27537
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-27559 - Apache AI Playground Privilege Escalation

CVE ID : CVE-2025-27559
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-27576 - Intel Tiber Edge Platform Unauthenticated Denial of Service Vulnerability

CVE ID : CVE-2025-27576
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of service via local access.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-27707 - Intel Tiber Edge Orchestrator Sensitive Information Exposure Denial of Service

CVE ID : CVE-2025-27707
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-27717 - Intel Graphics Driver Uncontrolled Search Path Privilege Escalation

CVE ID : CVE-2025-27717
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-32004 - Intel Edger8r Tool SGX SDK Privilege Escalation Vulnerability

CVE ID : CVE-2025-32004
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-32086 - Intel Xeon 6 Processors SGX/TDX Privilege Escalation Vulnerability

CVE ID : CVE-2025-32086
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-49563 - Adobe Illustrator Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-49563
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-49564 - Adobe Illustrator Stack-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-49564
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-49567 - Adobe Illustrator NULL Pointer Dereference Denial of Service

CVE ID : CVE-2025-49567
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-49568 - Adobe Illustrator Use After Free Vulnerability

CVE ID : CVE-2025-49568
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-55166 - Savg-sanitizer Cross-Site Scripting and External Domain Linking Vulnerability

CVE ID : CVE-2025-55166
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-55167 - WeGIA SQL Injection

CVE ID : CVE-2025-55167
Published : Aug. 12, 2025, 5:15 p.m. | 58 minutes ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 17:15:00 GMT

read more

CVE-2025-38500 - Linux Kernel xfrm Interface Use-After-Free Vulnerability

CVE ID : CVE-2025-38500
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-3089 - ServiceNow AI Platform Broken Access Control Vulnerability

CVE ID : CVE-2025-3089
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications. This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-54800 - Hydra JavaScript Injection Vulnerability

CVE ID : CVE-2025-54800
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-party project as part of its build process. This also happens in other places like with hydra-release-name. This issue has been patched by commit dea1e16. A workaround involves either not building untrusted packages or not visiting the builds page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-54864 - Hydra Unauthenticated API Calls Vulnerability

CVE ID : CVE-2025-54864
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be very taxing on the infrastructure when large evaluations are done, introducing potential denial of service attacks on the host running the evaluator. This issue has been patched by commit f7bda02. A workaround involves blocking /api/push-github and /api/push-gitea via a reverse proxy.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-55010 - Kanboard PHP Deserialization RCE Vulnerability

CVE ID : CVE-2025-55010
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-55011 - Kanboard File Traversal Vulnerability

CVE ID : CVE-2025-55011
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-55164 - "Prototype Pollution in Apache Content-Security-Policy-Parser"

CVE ID : CVE-2025-55164
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling prototype method in NodeJS, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2025-8452 - Brother Multi-Function Printer Serial Number Disclosure and Default Administrator Password Calculation Vulnerability

CVE ID : CVE-2025-8452
Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 10 minutes ago
Description : By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can use to learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 16:15:00 GMT

read more

CVE-2024-38805 - EDK2 BIOS Integer Overflow Denial of Service Vulnerability

CVE ID : CVE-2024-38805
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-3831 - Harmony SASE Agent Unsecured Log Upload

CVE ID : CVE-2025-3831
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-5456 - Ivanti Connect Secure Buffer Over-read DOS Vulnerability

CVE ID : CVE-2025-5456
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-5462 - Ivanti Connect Secure Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-5462
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-5466 - "Ivanti Connect Secure and Ivanti Policy Secure Denial of Service Vulnerability"

CVE ID : CVE-2025-5466
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-5468 - Ivanti Connect Secure, Policy Secure, ZTA Gateway, Neurons for Secure Access Local File Reading via Symbolic Link Vulnerability

CVE ID : CVE-2025-5468
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-8296 - Ivanti Avalanche SQL Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8296
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-8297 - Ivanti Avalanche Remote Code Execution

CVE ID : CVE-2025-8297
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-8310 - Ivanti Virtual Application Delivery Controller Authentication Bypass

CVE ID : CVE-2025-8310
Published : Aug. 12, 2025, 3:15 p.m. | 2 hours, 10 minutes ago
Description : Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 15:15:00 GMT

read more

CVE-2025-22830 - APTIOV BIOS Race Condition Vulnerability

CVE ID : CVE-2025-22830
Published : Aug. 12, 2025, 2:15 p.m. | 3 hours, 10 minutes ago
Description : APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 14:15:00 GMT

read more

CVE-2025-22834 - AMI APTIOV BIOS Improper Initialization Vulnerability

CVE ID : CVE-2025-22834
Published : Aug. 12, 2025, 2:15 p.m. | 3 hours, 10 minutes ago
Description : AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 14:15:00 GMT

read more

CVE-2025-43735 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

CVE ID : CVE-2025-43735
Published : Aug. 12, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 13:15:00 GMT

read more

CVE-2025-40766 - SINEC Traffic Analyzer Docker DoS Vulnerability

CVE ID : CVE-2025-40766
Published : Aug. 12, 2025, 12:15 p.m. | 5 hours, 10 minutes ago
Description : A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40767 - SINEC Traffic Analyzer Docker Container Isolation Bypass

CVE ID : CVE-2025-40767
Published : Aug. 12, 2025, 12:15 p.m. | 5 hours, 10 minutes ago
Description : A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40768 - SINEC Traffic Analyzer Remote Service Access Vulnerability

CVE ID : CVE-2025-40768
Published : Aug. 12, 2025, 12:15 p.m. | 5 hours, 10 minutes ago
Description : A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40769 - SINEC Traffic Analyzer Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-40769
Published : Aug. 12, 2025, 12:15 p.m. | 5 hours, 10 minutes ago
Description : A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40770 - SINEC Traffic Analyzer Man-in-the-Middle Vulnerability

CVE ID : CVE-2025-40770
Published : Aug. 12, 2025, 12:15 p.m. | 5 hours, 10 minutes ago
Description : A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2024-41986 - Siemens Opcenter QL Home, SOA Audit, and SOA Cockpit TLS Insecure Protocol Vulnerability

CVE ID : CVE-2024-41986
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2024-52504 - Siemens SIPROTEC 4 Remote File Transfer Denial of Service

CVE ID : CVE-2024-52504
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2024-54678 - Siemens SIMATIC and TIA Portal Named Pipe Remote Code Execution Vulnerability

CVE ID : CVE-2024-54678
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-30033 - Apache Setup DLL Hijacking Vulnerability

CVE ID : CVE-2025-30033
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-30034 - "SIMATIC RTLS Locating Manager Unauthenticated Local Denial of Service"

CVE ID : CVE-2025-30034
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-33023 - RUGGEDCOM ROX File Upload Privilege Escalation Vulnerability

CVE ID : CVE-2025-33023
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40570 - Siemens SIPROTEC 5 USB Port Bandwidth Exhaustion Vulnerability

CVE ID : CVE-2025-40570
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40584 - Siemens SIMOTION and SINAMICS XXE File Disclosure Vulnerability

CVE ID : CVE-2025-40584
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40743 - Siemens SINUMERIK VNC Authentication Bypass

CVE ID : CVE-2025-40743
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40746 - "Siemens SIMATIC RTLS Locating Manager Remote Code Execution Vulnerability"

CVE ID : CVE-2025-40746
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40751 - SIMATIC RTLS Locating Manager Credential Exposure (Authentication Bypass)

CVE ID : CVE-2025-40751
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40752 - SICAM Power Meter Password Storage Vulnerability

CVE ID : CVE-2025-40752
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40753 - SICAM Power Meter SMTP Password Exposure

CVE ID : CVE-2025-40753
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40759 - Siemens TIA Portal and SIMATIC Products Remote Code Execution Vulnerability

CVE ID : CVE-2025-40759
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions). Affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40761 - RUGGEDCOM ROX Devices Physical Access Bypass Authentication Vulnerability

CVE ID : CVE-2025-40761
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode. This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40762 - "Simcenter Femap STP File Out-of-Bounds Write Vulnerability"

CVE ID : CVE-2025-40762
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692)
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-40764 - Simcenter Femap BMP File Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-40764
Published : Aug. 12, 2025, 12:15 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2024-41984 - Siemens Opcenter QL Home, SOA Audit, and SOA Cockpit Improper Error Handling Exposes System Applications

CVE ID : CVE-2024-41984
Published : Aug. 12, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2024-41985 - Siemens Opcenter QL Home and SOA Session Persistence Vulnerability

CVE ID : CVE-2024-41985
Published : Aug. 12, 2025, 12:15 p.m. | 1 hour, 48 minutes ago
Description : A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2024-41983 - Siemens Opcenter QL Home, SOA Audit, and SOA Cockpit SQL Injection Vulnerability

CVE ID : CVE-2024-41983
Published : Aug. 12, 2025, 12:15 p.m. | 22 minutes ago
Description : A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 12:15:00 GMT

read more

CVE-2025-43736 - Liferay Portal Liferay DXP File Upload Denial Of Service (DOS)

CVE ID : CVE-2025-43736
Published : Aug. 12, 2025, 11:15 a.m. | 53 minutes ago
Description : A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload more than 300kb profile picture into the user profile. This size more than the noted max 300kb size. This extra amount of data can make Liferay slower.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 11:15:00 GMT

read more

CVE-2025-8885 - Bouncy Castle for Java Resource Allocation Denial of Service

CVE ID : CVE-2025-8885
Published : Aug. 12, 2025, 10:15 a.m. | 1 hour, 53 minutes ago
Description : Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 10:15:00 GMT

read more

CVE-2025-26398 - SolarWinds Database Performance Analyzer Cryptographic Key Disclosure

CVE ID : CVE-2025-26398
Published : Aug. 12, 2025, 8:15 a.m. | 3 hours, 53 minutes ago
Description : SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 08:15:00 GMT

read more

CVE-2025-41686 - Microsoft NSSM Elevation of Privilege

CVE ID : CVE-2025-41686
Published : Aug. 12, 2025, 8:15 a.m. | 3 hours, 53 minutes ago
Description : A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 08:15:00 GMT

read more

CVE-2025-47444 - Liquid Web GiveWP Sensitive Data Retrieval Vulnerability

CVE ID : CVE-2025-47444
Published : Aug. 12, 2025, 7:15 a.m. | 4 hours, 53 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 07:15:00 GMT

read more

CVE-2025-8418 - WordPress B Slider-Gutenberg Slider Block Plugin Arbitrary Plugin Installation Vulnerability

CVE ID : CVE-2025-8418
Published : Aug. 12, 2025, 7:15 a.m. | 4 hours, 53 minutes ago
Description : The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 07:15:00 GMT

read more

CVE-2025-8482 - WordPress Simple Local Avatars Unauthenticated Data Modification Vulnerability

CVE ID : CVE-2025-8482
Published : Aug. 12, 2025, 7:15 a.m. | 4 hours, 53 minutes ago
Description : The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 07:15:00 GMT

read more

CVE-2025-8767 - WordPress AnWP Football Leagues Plugin CSV Injection Vulnerability

CVE ID : CVE-2025-8767
Published : Aug. 12, 2025, 7:15 a.m. | 4 hours, 53 minutes ago
Description : The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 07:15:00 GMT

read more

CVE-2025-8874 - Elementor Addons - WordPress Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8874
Published : Aug. 12, 2025, 7:15 a.m. | 4 hours, 53 minutes ago
Description : The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 07:15:00 GMT

read more

CVE-2025-30027 - Axis ACAP Code Execution Vulnerability

CVE ID : CVE-2025-30027
Published : Aug. 12, 2025, 6:15 a.m. | 5 hours, 53 minutes ago
Description : An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 06:15:00 GMT

read more

CVE-2025-3892 - Axis ACAP Privilege Escalation Vulnerability

CVE ID : CVE-2025-3892
Published : Aug. 12, 2025, 6:15 a.m. | 5 hours, 53 minutes ago
Description : ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 06:15:00 GMT

read more

CVE-2025-6253 - "UiCore Elements WordPress Arbitrary File Read Vulnerability"

CVE ID : CVE-2025-6253
Published : Aug. 12, 2025, 6:15 a.m. | 5 hours, 53 minutes ago
Description : The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient controls on the filename specified. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 06:15:00 GMT

read more

CVE-2025-8081 - Elementor WordPress Arbitrary File Read Vulnerability

CVE ID : CVE-2025-8081
Published : Aug. 12, 2025, 6:15 a.m. | 5 hours, 53 minutes ago
Description : The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 06:15:00 GMT

read more

CVE-2025-7622 - Apache Server-Side Request Forgery

CVE ID : CVE-2025-7622
Published : Aug. 12, 2025, 5:15 a.m. | 6 hours, 53 minutes ago
Description : During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 05:15:00 GMT

read more

CVE-2025-8059 - WordPress B Blocks Privilege Escalation

CVE ID : CVE-2025-8059
Published : Aug. 12, 2025, 5:15 a.m. | 6 hours, 53 minutes ago
Description : The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 05:15:00 GMT

read more

CVE-2025-8314 - WordPress Software Issue Manager Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8314
Published : Aug. 12, 2025, 5:15 a.m. | 6 hours, 53 minutes ago
Description : The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 05:15:00 GMT

read more

CVE-2025-42976 - SAP NetWeaver Application Server ABAP Buffer Overflow

CVE ID : CVE-2025-42976
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-4390 - WordPress Private Content Plus Sensitive Information Exposure

CVE ID : CVE-2025-4390
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted posts on archive and feed pages.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-5391 - WooCommerce Purchase Orders Remote Code Execution via File Deletion Vulnerability

CVE ID : CVE-2025-5391
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-8462 - Elementor RT Easy Builder Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8462
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-8568 - WordPress GMap Generator Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8568
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-8621 - Mosaic Generator Stored Cross-Site Scripting Vulnerability in WordPress

CVE ID : CVE-2025-8621
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-8685 - WordPress Wp Chart Generator Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8685
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-8688 - WordPress Inline Stock Quotes Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8688
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-8690 - WordPress Simple Responsive Slider Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8690
Published : Aug. 12, 2025, 3:15 a.m. | 8 hours, 53 minutes ago
Description : The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42957 - SAP S/4HANA ABAP Code Injection Backdoor Vulnerability

CVE ID : CVE-2025-42957
Published : Aug. 12, 2025, 3:15 a.m. | 6 hours, 57 minutes ago
Description : SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42975 - SAP NetWeaver Application Server ABAP Cross-Site Scripting (XSS)

CVE ID : CVE-2025-42975
Published : Aug. 12, 2025, 3:15 a.m. | 6 hours, 57 minutes ago
Description : SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42951 - SAP Business One (SLD) Privilege Escalation Vulnerability

CVE ID : CVE-2025-42951
Published : Aug. 12, 2025, 3:15 a.m. | 4 hours, 53 minutes ago
Description : Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a result , it has a high impact on the confidentiality, integrity, and availability of the application.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42955 - SAP Cloud Connector LDAP Connection Testing Information Disclosure

CVE ID : CVE-2025-42955
Published : Aug. 12, 2025, 3:15 a.m. | 4 hours, 53 minutes ago
Description : Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42936 - SAP NetWeaver Application Server for ABAP Privilege Escalation Vulnerability

CVE ID : CVE-2025-42936
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42941 - SAP Fiori Launchpad Reverse Tabnabbing Vulnerability

CVE ID : CVE-2025-42941
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link () elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42942 - SAP NetWeaver Application Server for ABAP Cross-Site Scripting (XSS)

CVE ID : CVE-2025-42942
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42943 - SAP GUI for Windows NTLM Hash Leak

CVE ID : CVE-2025-42943
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42945 - SAP NetWeaver Application Server ABAP HTML Injection Vulnerability

CVE ID : CVE-2025-42945
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42946 - SAP S/4HANA (Bank Communication Management) Directory Traversal Vulnerability

CVE ID : CVE-2025-42946
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacker to potentially read or delete these files hence causing a high impact on confidentiality and low impact on integrity. There is no impact on availability of the system.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42948 - SAP NetWeaver ABAP Platform Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-42948
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42949 - Oracle ABAP Platform SQL Injection Vulnerability

CVE ID : CVE-2025-42949
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42950 - SAP SLT ABAP Code Injection Vulnerability

CVE ID : CVE-2025-42950
Published : Aug. 12, 2025, 3:15 a.m. | 3 hours, 44 minutes ago
Description : SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42934 - SAP S/4HANA CRLF Injection Vulnerability

CVE ID : CVE-2025-42934
Published : Aug. 12, 2025, 3:15 a.m. | 1 hour, 44 minutes ago
Description : SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application's integrity and no impact on confidentiality or availability.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

CVE-2025-42935 - SAP NetWeaver Application Server ABAP and ABAP Platform ICM Information Disclosure Vulnerability

CVE ID : CVE-2025-42935
Published : Aug. 12, 2025, 3:15 a.m. | 1 hour, 44 minutes ago
Description : The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 12 Aug 2025 03:15:00 GMT

read more

Fuite de données chez Alltricks

intrusion liste de diffusion

Tue Aug 12 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-55161 - Stirling-PDF SSRF

CVE ID : CVE-2025-55161
Published : Aug. 11, 2025, 11:15 p.m. | 5 hours, 44 minutes ago
Description : Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 23:15:00 GMT

read more

CVE-2025-55156 - PyLoad SQL Injection Vulnerability

CVE ID : CVE-2025-55156
Published : Aug. 11, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 23:15:00 GMT

read more

CVE-2025-55157 - Vim Use-After-Free Vulnerability

CVE ID : CVE-2025-55157
Published : Aug. 11, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 23:15:00 GMT

read more

CVE-2025-55158 - Vim Double-Free Typval Management Vulnerability

CVE ID : CVE-2025-55158
Published : Aug. 11, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 23:15:00 GMT

read more

CVE-2025-55159 - Apache Slab Uninitialized Memory Access Vulnerability

CVE ID : CVE-2025-55159
Published : Aug. 11, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 23:15:00 GMT

read more

CVE-2025-25235 - Omnissa Secure Email Gateway (SEG) SSRF

CVE ID : CVE-2025-25235
Published : Aug. 11, 2025, 10:15 p.m. | 4 hours, 21 minutes ago
Description : Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 22:15:00 GMT

read more

CVE-2025-54992 - OpenKilda OpenFlow XXE Injection

CVE ID : CVE-2025-54992
Published : Aug. 11, 2025, 10:15 p.m. | 4 hours, 21 minutes ago
Description : OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 22:15:00 GMT

read more

CVE-2025-55012 - Zed Agent Panel Remote Code Execution Permissions Bypass

CVE ID : CVE-2025-55012
Published : Aug. 11, 2025, 10:15 p.m. | 4 hours, 21 minutes ago
Description : Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 22:15:00 GMT

read more

CVE-2025-55150 - Stirling-PDF SSRF Vulnerability

CVE ID : CVE-2025-55150
Published : Aug. 11, 2025, 10:15 p.m. | 4 hours, 21 minutes ago
Description : Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 22:15:00 GMT

read more

CVE-2025-55151 - Stirling-PDF SSRF Vulnerability

CVE ID : CVE-2025-55151
Published : Aug. 11, 2025, 10:15 p.m. | 4 hours, 21 minutes ago
Description : Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 22:15:00 GMT

read more

CVE-2024-32640 - MASA CMS SQL Injection Vulnerability

CVE ID : CVE-2024-32640
Published : Aug. 11, 2025, 9:15 p.m. | 5 hours, 21 minutes ago
Description : MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 21:15:00 GMT

read more

CVE-2025-40920 - Apache::Catalyst::Authentication::Credential::HTTP Weak Nonce Generation

CVE ID : CVE-2025-40920
Published : Aug. 11, 2025, 9:15 p.m. | 5 hours, 21 minutes ago
Description : Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 21:15:00 GMT

read more

CVE-2025-54878 - NASA CryptoLib Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-54878
Published : Aug. 11, 2025, 9:15 p.m. | 5 hours, 21 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 21:15:00 GMT

read more

CVE-2025-53190 - ABB Aspect Authentication Bypass

CVE ID : CVE-2025-53190
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-53191 - ABB Aspect Missing Authentication for Critical Function Vulnerability

CVE ID : CVE-2025-53191
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-53514 - Mattermost Confluence Plugin Denial of Service (DoS)

CVE ID : CVE-2025-53514
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-53857 - Mattermost Confluence Plugin Information Disclosure Vulnerability

CVE ID : CVE-2025-53857
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-53910 - Mattermost Confluence Plugin Authentication Bypass

CVE ID : CVE-2025-53910
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-54458 - Mattermost Confluence Plugin Unauthorized Subscription Creation Vulnerability

CVE ID : CVE-2025-54458
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-54463 - Mattermost Confluence Plugin Denial of Service (DoS)

CVE ID : CVE-2025-54463
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-54478 - Mattermost Confluence Plugin Authentication Bypass

CVE ID : CVE-2025-54478
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-54525 - Mattermost Confluence Plugin Denial of Service (DoS)

CVE ID : CVE-2025-54525
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-7677 - "ABB Aspect Missing Authentication for Critical Function"

CVE ID : CVE-2025-7677
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-7679 - ABB Aspect Missing Authentication for Critical Function

CVE ID : CVE-2025-7679
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-8285 - Mattermost Confluence Plugin Authentication Bypass

CVE ID : CVE-2025-8285
Published : Aug. 11, 2025, 7:15 p.m. | 7 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-51823 - Libcsp Buffer Overflow Vulnerability

CVE ID : CVE-2025-51823
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 21 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-51824 - Zephyr libcsp Buffer Overflow

CVE ID : CVE-2025-51824
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 21 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-52931 - Mattermost Confluence Plugin Denial of Service (DoS)

CVE ID : CVE-2025-52931
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 21 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-53188 - ABB Aspect Unprotected Credentials

CVE ID : CVE-2025-53188
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 21 minutes ago
Description : Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-53189 - ABB Aspect Authorization Bypass Through User-Controlled Key Vulnerability

CVE ID : CVE-2025-53189
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 21 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-25229 - VMware Workspace ONE UEM SSRF Vulnerability

CVE ID : CVE-2025-25229
Published : Aug. 11, 2025, 7:15 p.m. | 2 hours, 30 minutes ago
Description : Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-44001 - Mattermost Confluence Plugin Unauthenticated Channel Subscription Information Disclosure

CVE ID : CVE-2025-44001
Published : Aug. 11, 2025, 7:15 p.m. | 2 hours, 30 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-44004 - Mattermost Confluence Plugin Auth Bypass

CVE ID : CVE-2025-44004
Published : Aug. 11, 2025, 7:15 p.m. | 2 hours, 30 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-48731 - Mattermost Confluence Plugin Unauthorized Access and Subscription Manipulation Vulnerability

CVE ID : CVE-2025-48731
Published : Aug. 11, 2025, 7:15 p.m. | 2 hours, 30 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-49221 - Mattermost Confluence Plugin Authentication Bypass

CVE ID : CVE-2025-49221
Published : Aug. 11, 2025, 7:15 p.m. | 2 hours, 30 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 19:15:00 GMT

read more

CVE-2025-25231 - VMware Workspace ONE UEM Path Traversal Information Disclosure

CVE ID : CVE-2025-25231
Published : Aug. 11, 2025, 6:15 p.m. | 2 hours, 20 minutes ago
Description : Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 18:15:00 GMT

read more

CVE-2025-53187 - ABB ASPECT Code Injection Vulnerability

CVE ID : CVE-2025-53187
Published : Aug. 11, 2025, 6:15 p.m. | 2 hours, 20 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 18:15:00 GMT

read more

CVE-2025-54063 - Cherry Studio Custom URL Handler Remote Code Execution Vulnerability

CVE ID : CVE-2025-54063
Published : Aug. 11, 2025, 6:15 p.m. | 2 hours, 20 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app’s custom URL handler is triggered, leading to remote code execution on the victim’s machine. This issue has been patched in version 1.5.1.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 18:15:00 GMT

read more

CVE-2025-8866 - YugabyteDB Anywhere Authentication Bypass

CVE ID : CVE-2025-8866
Published : Aug. 11, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 17:15:00 GMT

read more

CVE-2025-38499 - Linux Kernel Clone Private Mnt userns Privilege Escalation Vulnerability

CVE ID : CVE-2025-38499
Published : Aug. 11, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 16:15:00 GMT

read more

CVE-2025-45146 - ModelCache for LLM Deserialization Vulnerability

CVE ID : CVE-2025-45146
Published : Aug. 11, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 16:15:00 GMT

read more

CVE-2012-10037 - Apache PhpTax Remote Code Execution Vulnerability

CVE ID : CVE-2012-10037
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 15:15:00 GMT

read more

CVE-2012-10038 - Auxilium RateMyPet Unauthenticated Remote Code Execution (RCE) via File Upload

CVE ID : CVE-2012-10038
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 15:15:00 GMT

read more

CVE-2012-10039 - ZEN Load Balancer Root Code Execution Vulnerability

CVE ID : CVE-2012-10039
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 15:15:00 GMT

read more

CVE-2012-10040 - Openfiler Command Injection Vulnerability

CVE ID : CVE-2012-10040
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 15:15:00 GMT

read more

CVE-2025-8859 - Code-projects eBlog Site File Upload Module Unrestricted Upload Vulnerability

CVE ID : CVE-2025-8859
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 15:15:00 GMT

read more

CVE-2025-8865 - YugabyteDB YCQL DoS Denial of Service

CVE ID : CVE-2025-8865
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 15:15:00 GMT

read more

CVE-2025-8851 - LibTIFF Stack-Based Buffer Overflow

CVE ID : CVE-2025-8851
Published : Aug. 11, 2025, 2:15 p.m. | 4 hours, 20 minutes ago
Description : A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 14:15:00 GMT

read more

CVE-2025-8852 - WuKongOpenSource WukongCRM File Upload API Response Handler Information Exposure Vulnerability

CVE ID : CVE-2025-8852
Published : Aug. 11, 2025, 2:15 p.m. | 4 hours, 20 minutes ago
Description : A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 14:15:00 GMT

read more

CVE-2025-8864 - Yugabyte Shared Access Signature Token Exposed

CVE ID : CVE-2025-8864
Published : Aug. 11, 2025, 2:15 p.m. | 4 hours, 20 minutes ago
Description : Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 14:15:00 GMT

read more

CVE-2025-8672 - GIMP for MacOS Local Privilege Escalation

CVE ID : CVE-2025-8672
Published : Aug. 11, 2025, 1:15 p.m. | 5 hours, 20 minutes ago
Description : MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent. This issue has been fixed in 3.1.4.2 version of GIMP.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 13:15:00 GMT

read more

CVE-2025-8845 - "NASM Netwide Assembler Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-8845
Published : Aug. 11, 2025, 1:15 p.m. | 5 hours, 20 minutes ago
Description : A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 13:15:00 GMT

read more

CVE-2025-8846 - "NASM Netwide Assembler Stack-Based Buffer Overflow"

CVE ID : CVE-2025-8846
Published : Aug. 11, 2025, 1:15 p.m. | 5 hours, 20 minutes ago
Description : A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 13:15:00 GMT

read more

CVE-2025-8847 - RuoYi Yangzongzhuan Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8847
Published : Aug. 11, 2025, 1:15 p.m. | 5 hours, 20 minutes ago
Description : A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 13:15:00 GMT

read more

CVE-2025-8862 - YugabyteDB Information Disclosure Vulnerability

CVE ID : CVE-2025-8862
Published : Aug. 11, 2025, 1:15 p.m. | 5 hours, 20 minutes ago
Description : YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 13:15:00 GMT

read more

CVE-2025-8863 - YugabyteDB Information Disclosure

CVE ID : CVE-2025-8863
Published : Aug. 11, 2025, 1:15 p.m. | 5 hours, 20 minutes ago
Description : YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 13:15:00 GMT

read more

CVE-2025-8844 - "NASM Netwide Assembler Null Pointer Dereference Vulnerability"

CVE ID : CVE-2025-8844
Published : Aug. 11, 2025, 12:15 p.m. | 6 hours, 20 minutes ago
Description : A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 12:15:00 GMT

read more

CVE-2025-8842 - NASM Netwide Assembler Use After Free Vulnerability

CVE ID : CVE-2025-8842
Published : Aug. 11, 2025, 11:15 a.m. | 7 hours, 20 minutes ago
Description : A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 11:15:00 GMT

read more

CVE-2025-8843 - NASM Netwide Assembler Heap-Based Buffer Overflow

CVE ID : CVE-2025-8843
Published : Aug. 11, 2025, 11:15 a.m. | 7 hours, 20 minutes ago
Description : A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 11:15:00 GMT

read more

CVE-2025-8841 - Zlt2000 Microservices-Platform Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-8841
Published : Aug. 11, 2025, 10:15 a.m. | 8 hours, 20 minutes ago
Description : A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 10:15:00 GMT

read more

CVE-2025-8840 - jshERP Unauthenticated Remote Code Execution

CVE ID : CVE-2025-8840
Published : Aug. 11, 2025, 10:15 a.m. | 7 hours, 54 minutes ago
Description : A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 10:15:00 GMT

read more

CVE-2025-8839 - jshERP Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8839
Published : Aug. 11, 2025, 9:15 a.m. | 8 hours, 55 minutes ago
Description : A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 09:15:00 GMT

read more

CVE-2025-8853 - 2100 Technology Official Document Management System Authentication Bypass

CVE ID : CVE-2025-8853
Published : Aug. 11, 2025, 9:15 a.m. | 8 hours, 55 minutes ago
Description : Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 09:15:00 GMT

read more

CVE-2025-8838 - WinterChenS my-site PreHandle Uri Improper Authentication Remote Vulnerability

CVE ID : CVE-2025-8838
Published : Aug. 11, 2025, 9:15 a.m. | 7 hours, 57 minutes ago
Description : A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 09:15:00 GMT

read more

CVE-2025-8836 - JasPer JPEG2000 Encoder Reachable Assertion Vulnerability

CVE ID : CVE-2025-8836
Published : Aug. 11, 2025, 8:15 a.m. | 7 hours, 37 minutes ago
Description : A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 08:15:00 GMT

read more

CVE-2025-8837 - JasPer JPEG2000 File Handler Use After Free Vulnerability

CVE ID : CVE-2025-8837
Published : Aug. 11, 2025, 8:15 a.m. | 7 hours, 37 minutes ago
Description : A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 08:15:00 GMT

read more

CVE-2025-8660 - Apache Privilege Escalation Vulnerability

CVE ID : CVE-2025-8660
Published : Aug. 11, 2025, 8:15 a.m. | 6 hours, 25 minutes ago
Description : Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 08:15:00 GMT

read more

CVE-2025-8661 - Apache Server Stored XSS

CVE ID : CVE-2025-8661
Published : Aug. 11, 2025, 8:15 a.m. | 6 hours, 25 minutes ago
Description : A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 08:15:00 GMT

read more

CVE-2025-8747 - Keras Safe Mode Bypass Arbitrary Code Execution

CVE ID : CVE-2025-8747
Published : Aug. 11, 2025, 8:15 a.m. | 6 hours, 25 minutes ago
Description : A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 08:15:00 GMT

read more

CVE-2025-8833 - Linksys RE Series Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8833
Published : Aug. 11, 2025, 7:15 a.m. | 7 hours, 25 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 07:15:00 GMT

read more

CVE-2025-8834 - JCG Link-net LW-N915R Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8834
Published : Aug. 11, 2025, 7:15 a.m. | 7 hours, 25 minutes ago
Description : A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack remotely.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 07:15:00 GMT

read more

CVE-2025-8835 - JasPer Jas Image Color Space Conversion Handler Null Pointer Dereference

CVE ID : CVE-2025-8835
Published : Aug. 11, 2025, 7:15 a.m. | 7 hours, 25 minutes ago
Description : A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 07:15:00 GMT

read more

CVE-2025-7965 - "CBX Restaurant Booking WordPress CSRF Settings Update Vulnerability"

CVE ID : CVE-2025-7965
Published : Aug. 11, 2025, 6:15 a.m. | 7 hours, 32 minutes ago
Description : The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 06:15:00 GMT

read more

CVE-2025-8832 - Linksys WAP Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8832
Published : Aug. 11, 2025, 6:15 a.m. | 7 hours, 32 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 06:15:00 GMT

read more

CVE-2025-8854 - Bullet Physics LoadOFF Stack-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8854
Published : Aug. 11, 2025, 5:15 a.m. | 8 hours, 32 minutes ago
Description : Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 05:15:00 GMT

read more

CVE-2025-8830 - Linksys Router Os Command Injection Vulnerability

CVE ID : CVE-2025-8830
Published : Aug. 11, 2025, 5:15 a.m. | 8 hours, 13 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 05:15:00 GMT

read more

CVE-2025-8831 - Linksys Wireless Router Remote Management Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-8831
Published : Aug. 11, 2025, 5:15 a.m. | 8 hours, 13 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 05:15:00 GMT

read more

CVE-2025-27577 - Apache OpenHarmony TCB Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-27577
Published : Aug. 11, 2025, 4:15 a.m. | 9 hours, 13 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-8827 - Linksys Router Remote Os Command Injection Vulnerability

CVE ID : CVE-2025-8827
Published : Aug. 11, 2025, 4:15 a.m. | 9 hours, 13 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-8828 - Linksys RE Series IPv6 Command Injection Vulnerability

CVE ID : CVE-2025-8828
Published : Aug. 11, 2025, 4:15 a.m. | 9 hours, 13 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-8829 - Linksys Wireless Router OS Command Injection Vulnerability

CVE ID : CVE-2025-8829
Published : Aug. 11, 2025, 4:15 a.m. | 9 hours, 13 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-27562 - OpenHarmony DoS Memory Leak

CVE ID : CVE-2025-27562
Published : Aug. 11, 2025, 4:15 a.m. | 7 hours, 52 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-27128 - OpenHarmony TCB Use After Free Arbitrary Code Execution

CVE ID : CVE-2025-27128
Published : Aug. 11, 2025, 4:15 a.m. | 7 hours, 13 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-27536 - OpenHarmony Type Confusion DOS

CVE ID : CVE-2025-27536
Published : Aug. 11, 2025, 4:15 a.m. | 7 hours, 13 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-25278 - OpenHarmony TCB Race Condition Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-25278
Published : Aug. 11, 2025, 4:15 a.m. | 5 hours, 31 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-26690 - OpenHarmony NULL Pointer Dereference Denial of Service Vulnerability

CVE ID : CVE-2025-26690
Published : Aug. 11, 2025, 4:15 a.m. | 5 hours, 31 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-24844 - OpenHarmony Memory Leaking DOS Vulnerability

CVE ID : CVE-2025-24844
Published : Aug. 11, 2025, 4:15 a.m. | 4 hours, 18 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-24925 - OpenHarmony Memory Leaks Denial of Service Vulnerability

CVE ID : CVE-2025-24925
Published : Aug. 11, 2025, 4:15 a.m. | 4 hours, 18 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-25212 - OpenHarmony Denial of Service Vulnerability

CVE ID : CVE-2025-25212
Published : Aug. 11, 2025, 4:15 a.m. | 4 hours, 18 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-24298 - OpenHarmony TCB Use-After-Free Vulnerability

CVE ID : CVE-2025-24298
Published : Aug. 11, 2025, 4:15 a.m. | 3 hours, 13 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 04:15:00 GMT

read more

CVE-2025-8825 - Linksys Router OS Command Injection Vulnerability

CVE ID : CVE-2025-8825
Published : Aug. 11, 2025, 3:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 03:15:00 GMT

read more

CVE-2025-8826 - Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8826
Published : Aug. 11, 2025, 3:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 03:15:00 GMT

read more

CVE-2025-8823 - Linksys Wireless Router Os Command Injection Vulnerability

CVE ID : CVE-2025-8823
Published : Aug. 11, 2025, 2:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 02:15:00 GMT

read more

CVE-2025-8824 - Linksys Wireless Routers Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8824
Published : Aug. 11, 2025, 2:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 02:15:00 GMT

read more

CVE-2025-8821 - Linksys WiFi Router OS Command Injection Vulnerability

CVE ID : CVE-2025-8821
Published : Aug. 11, 2025, 1:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 01:15:00 GMT

read more

CVE-2025-8822 - Linksys RE Series Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8822
Published : Aug. 11, 2025, 1:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 01:15:00 GMT

read more

CVE-2025-8820 - Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8820
Published : Aug. 11, 2025, 12:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 11 Aug 2025 00:15:00 GMT

read more

CVE-2025-8818 - Linksys Wi-Fi Router OS Command Injection Vulnerability

CVE ID : CVE-2025-8818
Published : Aug. 10, 2025, 11:15 p.m. | 6 hours, 32 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 23:15:00 GMT

read more

CVE-2025-8819 - Linksys Router Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8819
Published : Aug. 10, 2025, 11:15 p.m. | 6 hours, 31 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 23:15:00 GMT

read more

CVE-2025-8817 - Linksys RE Series Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8817
Published : Aug. 10, 2025, 10:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 22:15:00 GMT

read more

CVE-2025-8815 - Shiro Configuration Path Traversal Vulnerability

CVE ID : CVE-2025-8815
Published : Aug. 10, 2025, 4:15 p.m. | 13 hours, 13 minutes ago
Description : A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 16:15:00 GMT

read more

CVE-2025-8816 - Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8816
Published : Aug. 10, 2025, 4:15 p.m. | 13 hours, 13 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 16:15:00 GMT

read more

CVE-2025-8813 - Atjiu Pybbs Open Redirect Vulnerability

CVE ID : CVE-2025-8813
Published : Aug. 10, 2025, 3:15 p.m. | 11 hours, 18 minutes ago
Description : A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 15:15:00 GMT

read more

CVE-2025-8814 - Atjiu Pybbs Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-8814
Published : Aug. 10, 2025, 3:15 p.m. | 11 hours, 18 minutes ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 15:15:00 GMT

read more

CVE-2025-8810 - Tenda AC20 Buffer Overflow Vulnerability

CVE ID : CVE-2025-8810
Published : Aug. 10, 2025, 2:15 p.m. | 12 hours, 18 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 14:15:00 GMT

read more

CVE-2025-8811 - Apache Solr SQL Injection Vulnerability

CVE ID : CVE-2025-8811
Published : Aug. 10, 2025, 2:15 p.m. | 12 hours, 18 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 14:15:00 GMT

read more

CVE-2025-8812 - Atjiu Pybbs Admin Panel Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8812
Published : Aug. 10, 2025, 2:15 p.m. | 12 hours, 18 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 14:15:00 GMT

read more

CVE-2025-8809 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8809
Published : Aug. 10, 2025, 1:15 p.m. | 13 hours, 18 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 13:15:00 GMT

read more

CVE-2025-8807 - "Xujeff Tianti 天梯 Remote Missing Authorization Vulnerability"

CVE ID : CVE-2025-8807
Published : Aug. 10, 2025, 12:15 p.m. | 14 hours, 18 minutes ago
Description : A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 12:15:00 GMT

read more

CVE-2025-8808 - Tianti CSV Injection Vulnerability

CVE ID : CVE-2025-8808
Published : Aug. 10, 2025, 12:15 p.m. | 14 hours, 18 minutes ago
Description : A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 12:15:00 GMT

read more

CVE-2025-8805 - Open5GS SMF Denial of Service Vulnerability

CVE ID : CVE-2025-8805
Published : Aug. 10, 2025, 11:15 a.m. | 15 hours, 18 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.5 and classified as problematic. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 11:15:00 GMT

read more

CVE-2025-8806 - Zhilink ADP Application Developer Platform SQL Injection Vulnerability

CVE ID : CVE-2025-8806
Published : Aug. 10, 2025, 11:15 a.m. | 15 hours, 18 minutes ago
Description : A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 11:15:00 GMT

read more

CVE-2025-8803 - Open5GS Denial of Service Vulnerability

CVE ID : CVE-2025-8803
Published : Aug. 10, 2025, 10:15 a.m. | 16 hours, 18 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 1f30edac27f69f61cff50162e980fe58fdeb30ca. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 10:15:00 GMT

read more

CVE-2025-8804 - Open5GS AMF Remote Assertion Vulnerability

CVE ID : CVE-2025-8804
Published : Aug. 10, 2025, 10:15 a.m. | 16 hours, 18 minutes ago
Description : A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The identifier of the patch is bca0a7b6e01d254f4223b83831162566d4626428. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 10:15:00 GMT

read more

CVE-2025-8801 - Open5GS Denial of Service Vulnerability

CVE ID : CVE-2025-8801
Published : Aug. 10, 2025, 9:15 a.m. | 17 hours, 18 minutes ago
Description : A vulnerability classified as problematic has been found in Open5GS up to 2.7.5. This affects the function gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The identifier of the patch is f47f2bd4f7274295c5fbb19e2f806753d183d09a. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 09:15:00 GMT

read more

CVE-2025-8802 - Open5GS SMF Denial of Service Vulnerability

CVE ID : CVE-2025-8802
Published : Aug. 10, 2025, 9:15 a.m. | 17 hours, 18 minutes ago
Description : A vulnerability classified as problematic was found in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument stream leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version v2.7.6 is able to address this issue. The patch is identified as f168f7586a4fa536cee95ae60ac437d997f15b97. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 09:15:00 GMT

read more

CVE-2025-8800 - Open5GS AMF Component Denial of Service Vulnerability

CVE ID : CVE-2025-8800
Published : Aug. 10, 2025, 8:15 a.m. | 18 hours, 18 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.5. It has been rated as problematic. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service. The attack may be launched remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 701505102f514cbde2856cd2ebc9bedb7efc820d. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 08:15:00 GMT

read more

CVE-2025-8799 - Open5GS AMF Denial of Service Vulnerability

CVE ID : CVE-2025-8799
Published : Aug. 10, 2025, 8:15 a.m. | 17 hours, 31 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is the function amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context of the file src/amf/npcf-build.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is named cf63dd63197bf61a4b041aa364ba6a6199ab15e4. It is recommended to upgrade the affected component.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 08:15:00 GMT

read more

CVE-2025-8798 - Samarium Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-8798
Published : Aug. 10, 2025, 7:15 a.m. | 18 hours, 31 minutes ago
Description : A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 07:15:00 GMT

read more

CVE-2025-8797 - "LitmusChaos Litmus LocalStorage Handler Remote Permission Vulnerability"

CVE ID : CVE-2025-8797
Published : Aug. 10, 2025, 7:15 a.m. | 16 hours, 45 minutes ago
Description : A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 07:15:00 GMT

read more

CVE-2025-8795 - LitmusChaos Litmus Remote File Inclusion Vulnerability

CVE ID : CVE-2025-8795
Published : Aug. 10, 2025, 6:15 a.m. | 17 hours, 45 minutes ago
Description : A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 06:15:00 GMT

read more

CVE-2025-8796 - LitmusChaos Litmus Missing Authorization Vulnerability

CVE ID : CVE-2025-8796
Published : Aug. 10, 2025, 6:15 a.m. | 17 hours, 44 minutes ago
Description : A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 06:15:00 GMT

read more

CVE-2025-8794 - LitmusChaos Litmus LocalStorage Handler Authorization Bypass

CVE ID : CVE-2025-8794
Published : Aug. 10, 2025, 5:15 a.m. | 18 hours, 5 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 05:15:00 GMT

read more

CVE-2025-8793 - "LitmusChaos Litmus Remote Resource Identifier Improper Control Vulnerability"

CVE ID : CVE-2025-8793
Published : Aug. 10, 2025, 4:15 a.m. | 19 hours, 4 minutes ago
Description : A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 04:15:00 GMT

read more

CVE-2025-8792 - "LitmusChaos Litmus Client-Side Enforcement of Server-Side Security Remote Vulnerability"

CVE ID : CVE-2025-8792
Published : 10. elokuuta 2025 kello 4.15 | 17 tuntia, 44 minuuttia ago
Description : A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 04:15:00 GMT

read more

CVE-2025-52136 - EMQX Unvalidated Plugin Installation Vulnerability

CVE ID : CVE-2025-52136
Published : Aug. 10, 2025, 4:15 a.m. | 11 hours, 25 minutes ago
Description : In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 04:15:00 GMT

read more

CVE-2025-8791 - LitmusChaos Litmus Remote File Authorization Bypass

CVE ID : CVE-2025-8791
Published : Aug. 10, 2025, 4:15 a.m. | 11 hours, 25 minutes ago
Description : A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 04:15:00 GMT

read more

CVE-2025-8789 - Portabilis i-Educar API Endpoint Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8789
Published : Aug. 10, 2025, 3:15 a.m. | 11 hours, 17 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 03:15:00 GMT

read more

CVE-2025-8790 - Portabilis i-Educar Remote API Endpoint Authorization Bypass Vulnerability

CVE ID : CVE-2025-8790
Published : Aug. 10, 2025, 3:15 a.m. | 11 hours, 17 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 03:15:00 GMT

read more

CVE-2025-8788 - Portabilis i-Diario Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8788
Published : Aug. 10, 2025, 3:15 a.m. | 10 hours, 38 minutes ago
Description : A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 03:15:00 GMT

read more

CVE-2025-8787 - Portabilis i-Diario Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8787
Published : Aug. 10, 2025, 2:15 a.m. | 11 hours, 38 minutes ago
Description : A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 02:15:00 GMT

read more

CVE-2025-8786 - Portabilis i-Diario Cross Site Scripting Vulnerability

CVE ID : CVE-2025-8786
Published : Aug. 10, 2025, 1:15 a.m. | 12 hours, 38 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the file /registros-de-conteudos-por-areas-de-conhecimento/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 01:15:00 GMT

read more

CVE-2025-8785 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8785
Published : Aug. 10, 2025, 12:15 a.m. | 13 hours, 4 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 10 Aug 2025 00:15:00 GMT

read more

CVE-2025-8784 - Portabilis i-Educar Cross Site Scripting Vulnerability

CVE ID : CVE-2025-8784
Published : Aug. 9, 2025, 11:15 p.m. | 12 hours, 25 minutes ago
Description : A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 23:15:00 GMT

read more

CVE-2025-8775 - Qiyuesuo Electronic Signature Platform Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-8775
Published : Aug. 9, 2025, 9:15 p.m. | 14 hours, 25 minutes ago
Description : A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 21:15:00 GMT

read more

CVE-2025-8774 - Riscv-boom SonicBOOM L1 Data Cache Handler Timing Discrepancy Vulnerability

CVE ID : CVE-2025-8774
Published : Aug. 9, 2025, 9:15 p.m. | 13 hours, 16 minutes ago
Description : A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 21:15:00 GMT

read more

CVE-2025-8773 - Dinstar Monitoring Platform SQL Injection Vulnerability

CVE ID : CVE-2025-8773
Published : Aug. 9, 2025, 8:15 p.m. | 14 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 20:15:00 GMT

read more

CVE-2025-8772 - Vinades NukeViet Server-Side Request Forgery Vulnerability

CVE ID : CVE-2025-8772
Published : Aug. 9, 2025, 8:15 p.m. | 13 hours, 35 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 20:15:00 GMT

read more

CVE-2025-8765 - Datacom DM955 5GT 1200 Wireless Basic Settings Cross Site Scripting Vulnerability

CVE ID : CVE-2025-8765
Published : Aug. 9, 2025, 7:15 p.m. | 14 hours, 35 minutes ago
Description : A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 19:15:00 GMT

read more

CVE-2025-8764 - Linlinjava Litemall Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-8764
Published : Aug. 9, 2025, 7:15 p.m. | 13 hours, 16 minutes ago
Description : A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 19:15:00 GMT

read more

CVE-2025-8763 - Ruijie EG306MG StrongSwan Aggressive Mode PSK Encryption Bypass Vulnerability

CVE ID : CVE-2025-8763
Published : Aug. 9, 2025, 6:15 p.m. | 14 hours, 16 minutes ago
Description : A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 18:15:00 GMT

read more

CVE-2025-8759 - TRENDnet Lighttpd Hard-Coded Cryptographic Key Vulnerability

CVE ID : CVE-2025-8759
Published : Aug. 9, 2025, 5:15 p.m. | 14 hours, 34 minutes ago
Description : A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 17:15:00 GMT

read more

CVE-2025-8758 - TRENDnet TEW-822DRE FTP Server Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-8758
Published : Aug. 9, 2025, 4:15 p.m. | 15 hours, 34 minutes ago
Description : A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 16:15:00 GMT

read more

CVE-2025-8756 - TDuckCloud Authorization Interceptor PreHandle Remote Improper Authorization Vulnerability

CVE ID : CVE-2025-8756
Published : Aug. 9, 2025, 3:15 p.m. | 16 hours, 4 minutes ago
Description : A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 15:15:00 GMT

read more

CVE-2025-8757 - TRENDnet Embedded Boa Web Server Least Privilege Violation

CVE ID : CVE-2025-8757
Published : Aug. 9, 2025, 3:15 p.m. | 16 hours, 4 minutes ago
Description : A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 15:15:00 GMT

read more

CVE-2022-50233 - Linux Kernel Bluetooth eir strlen Vulnerability

CVE ID : CVE-2022-50233
Published : Aug. 9, 2025, 3:15 p.m. | 14 hours, 4 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be truncated or not.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 15:15:00 GMT

read more

CVE-2024-58238 - "Bluetooth btnxpuart UART Break Timing Vulnerability"

CVE ID : CVE-2024-58238
Published : Aug. 9, 2025, 3:15 p.m. | 14 hours, 4 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide with the power save timeout value of 2 seconds. Test procedure using bash script: hciconfig hci0 up //Enable Power Save feature hcitool -i hci0 cmd 3f 23 02 00 00 while (true) do hciconfig hci0 leadv sleep 2 hciconfig hci0 noleadv sleep 2 done Error log, after adding few more debug prints: Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00 Bluetooth: hci0: Set UART break: on, status=0 Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00 Can't set advertise mode on hci0: Connection timed out (110) Bluetooth: hci0: command 0x200a tx timeout When the power save mechanism turns on UART break, and btnxpuart_tx_work() is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE, which prevents the psdata->work from being scheduled, which is responsible to turn OFF UART break. This issue is fixed by adding a ps_lock mutex around UART break on/off as well as around ps_state read/write. btnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is PS_STATE_SLEEP, it will first schedule psdata->work, and then it will reschedule itself once UART break has been turned off and ps_state is PS_STATE_AWAKE. Tested above script for 50,000 iterations and TX timeout error was not observed anymore.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 15:15:00 GMT

read more

CVE-2025-8755 - Macrozheng Mall Authorization Bypass Vulnerability

CVE ID : CVE-2025-8755
Published : Aug. 9, 2025, 2:15 p.m. | 15 hours, 4 minutes ago
Description : A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 14:15:00 GMT

read more

CVE-2025-7726 - WordPress The7 Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7726
Published : Aug. 9, 2025, 2:15 p.m. | 13 hours, 25 minutes ago
Description : The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and output escaping. The theme’s JavaScript reads user-supplied 'title' and 'data-dt-img-description' attributes directly via jQuery.attr(), concatenates them into an HTML string, and inserts that string into the DOM using methods such as jQuery.html() without escaping or filtering. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 14:15:00 GMT

read more

CVE-2025-8753 - Linlinjava Litemall File Handler Path Traversal Vulnerability

CVE ID : CVE-2025-8753
Published : Aug. 9, 2025, 2:15 p.m. | 13 hours, 25 minutes ago
Description : A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 14:15:00 GMT

read more

CVE-2025-7020 - BYD DiLink 3.0 OS IVI Unit Log Dump Encryption Bypass

CVE ID : CVE-2025-7020
Published : Aug. 9, 2025, 1:15 p.m. | 14 hours, 25 minutes ago
Description : An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data. This vulnerability was introduced in a patch intended to fix CVE-2024-54728.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 13:15:00 GMT

read more

CVE-2025-8752 - Wangzhixuan Spring-Shiro-Training Command Injection Vulnerability

CVE ID : CVE-2025-8752
Published : Aug. 9, 2025, 12:15 p.m. | 15 hours, 25 minutes ago
Description : A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 12:15:00 GMT

read more

CVE-2025-8751 - Protected Total WebShield Extension Chrome Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8751
Published : Aug. 9, 2025, 8:15 a.m. | 17 hours, 25 minutes ago
Description : A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 08:15:00 GMT

read more

CVE-2025-8750 - Macrozheng Mall Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8750
Published : Aug. 9, 2025, 7:15 a.m. | 18 hours, 25 minutes ago
Description : A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 07:15:00 GMT

read more

CVE-2025-8746 - "GNU libopts __strstr_sse2 Memory Corruption Vulnerability"

CVE ID : CVE-2025-8746
Published : Aug. 9, 2025, 6:15 a.m. | 19 hours, 25 minutes ago
Description : A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 06:15:00 GMT

read more

CVE-2025-8771 - Apache Database Configuration Insecure Feature

CVE ID : CVE-2025-8771
Published : Aug. 9, 2025, 5:15 a.m. | 20 hours, 25 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: This affects a legitimate feature. The cause of the issue is an insecure database configuration established by the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 05:15:00 GMT

read more

CVE-2025-4655 - Liferay Portal SSRF Template Bypass

CVE ID : CVE-2025-4655
Published : Aug. 9, 2025, 5:15 a.m. | 18 hours, 26 minutes ago
Description : SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 05:15:00 GMT

read more

CVE-2025-8745 - Weee RICEPO App Android AndroidManifest.xml Component Export Vulnerability

CVE ID : CVE-2025-8745
Published : Aug. 9, 2025, 5:15 a.m. | 18 hours, 26 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 05:15:00 GMT

read more

CVE-2025-4581 - Liferay Portal Blind SSRF Vulnerability

CVE ID : CVE-2025-4581
Published : Aug. 9, 2025, 5:15 a.m. | 17 hours, 15 minutes ago
Description : Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 05:15:00 GMT

read more

CVE-2025-55008 - WorkOS AuthKit React Router Authentication Artifact Exposure

CVE ID : CVE-2025-55008
Published : Aug. 9, 2025, 3:15 a.m. | 17 hours, 14 minutes ago
Description : The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. This issue is fixed in version 0.7.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55009 - WorkOS AuthKit Remix Sensitive Authentication Artifact Exposure

CVE ID : CVE-2025-55009
Published : Aug. 9, 2025, 3:15 a.m. | 17 hours, 14 minutes ago
Description : The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55013 - Assemblyline 4 Service Client Path Traversal Vulnerability

CVE ID : CVE-2025-55013
Published : Aug. 9, 2025, 3:15 a.m. | 17 hours, 14 minutes ago
Description : The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name.A malicious or compromised server (or any MITM that can speak to client) can return a path-traversal payload such as `../../../etc/cron.d/evil` and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55149 - Tiny-Scientist PDF Path Traversal Vulnerability

CVE ID : CVE-2025-55149
Published : Aug. 9, 2025, 3:15 a.m. | 17 hours, 14 minutes ago
Description : Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the review_paper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. This vulnerability allows attackers to: read any PDF file accessible to the server process, potentially access sensitive documents outside the intended directory and perform reconnaissance on the server's file system structure. This issue does not currently have a fix.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55001 - OpenBao LDAP Auth Bypass Vulnerability

CVE ID : CVE-2025-55001
Published : Aug. 9, 2025, 3:15 a.m. | 15 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When the username_as_alias=true parameter in the LDAP auth method was in use, the caller-supplied username was used verbatim without normalization, allowing an attacker to bypass alias-specific MFA requirements. This issue was fixed in version 2.3.2. To work around this, remove all usage of the username_as_alias=true parameter and update any entity aliases accordingly.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55003 - OpenBao MFA TOTP Whitespace Bypass Vulnerability

CVE ID : CVE-2025-55003
Published : Aug. 9, 2025, 3:15 a.m. | 15 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the MFA method and allow reuse of existing MFA codes. This issue was fixed in version 2.3.2. To work around this, use of rate-limiting quotas can limit an attacker's ability to exploit this: https://openbao.org/api-docs/system/rate-limit-quotas/.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55006 - Frappe Learning SVG Injection Vulnerability

CVE ID : CVE-2025-55006
Published : Aug. 9, 2025, 3:15 a.m. | 15 hours, 14 minutes ago
Description : Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-54999 - OpenBao User Enumeration Vulnerability

CVE ID : CVE-2025-54999
Published : Aug. 9, 2025, 3:15 a.m. | 13 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users and users with stored credentials. This is independent of whether the supplied credentials were valid for the given user. This issue was fixed in version 2.3.2. To work around this issue, users may use another auth method or apply rate limiting quotas to limit the number of requests in a period of time: https://openbao.org/api-docs/system/rate-limit-quotas/.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-55000 - OpenBao TOTP Secrets Engine Code Replay Vulnerability

CVE ID : CVE-2025-55000
Published : Aug. 9, 2025, 3:15 a.m. | 13 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected normalization in the underlying TOTP library. To work around, ensure that all codes are first normalized before submitting to the OpenBao endpoint. TOTP code verification is a privileged action; only trusted systems should be verifying codes.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-54997 - OpenBao Audit Subsystem Privilege Escalation

CVE ID : CVE-2025-54997
Published : Aug. 9, 2025, 3:15 a.m. | 11 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. To workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-54998 - OpenBao Authentication Bypass Vulnerability

CVE ID : CVE-2025-54998
Published : Aug. 9, 2025, 3:15 a.m. | 11 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. This is fixed in version 2.3.2. To work around this issue, existing users may apply rate-limiting quotas on the authentication endpoints:, see https://openbao.org/api-docs/system/rate-limit-quotas/.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 03:15:00 GMT

read more

CVE-2025-54417 - Craft CMS Remote Code Execution Bypass

CVE ID : CVE-2025-54417
Published : Aug. 9, 2025, 2:15 a.m. | 12 hours, 14 minutes ago
Description : Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these requirements: have a compromised security key and create an arbitrary file in Craft's /storage/backups folder. With those criteria in place, attackers could create a specific, malicious request to the /updater/restore-db endpoint and execute CLI commands remotely. This issue is fixed in versions 4.16.3 and 5.8.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 02:15:00 GMT

read more

CVE-2025-54888 - Fedify ActivityPub Actor Impersonation Bypass

CVE ID : CVE-2025-54888
Published : Aug. 9, 2025, 2:15 a.m. | 12 hours, 14 minutes ago
Description : Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor impersonation across all Fedify instances. This is fixed in versions 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9 and 1.8.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 02:15:00 GMT

read more

CVE-2025-54996 - OpenBao Identity Escalation Privilege Vulnerability

CVE ID : CVE-2025-54996
Published : Aug. 9, 2025, 2:15 a.m. | 12 hours, 14 minutes ago
Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to the root policy. While the identity system allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy was restricted to manual generation using unseal or recovery key shares. The global root policy was not accessible from child namespaces. This issue is fixed in version 2.3.2. To workaround this vulnerability, use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 02:15:00 GMT

read more

CVE-2025-55152 - Oak Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-55152
Published : Aug. 9, 2025, 2:15 a.m. | 12 hours, 14 minutes ago
Description : oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 02:15:00 GMT

read more

CVE-2025-8744 - CesiumLab Web SQL Injection Vulnerability

CVE ID : CVE-2025-8744
Published : Aug. 9, 2025, 12:15 a.m. | 14 hours, 14 minutes ago
Description : A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 00:15:00 GMT

read more

CVE-2025-6573 - Qualcomm Snapdragon Secure Kernel Information Leak

CVE ID : CVE-2025-6573
Published : Aug. 9, 2025, 12:15 a.m. | 13 hours, 4 minutes ago
Description : Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 00:15:00 GMT

read more

CVE-2025-46709 - Apache HTTP Server Kernel Heap Information Disclosure

CVE ID : CVE-2025-46709
Published : Aug. 9, 2025, 12:15 a.m. | 12 hours, 14 minutes ago
Description : Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 09 Aug 2025 00:15:00 GMT

read more

CVE-2025-8743 - Scada-LTS Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8743
Published : Aug. 8, 2025, 11:15 p.m. | 9 hours, 13 minutes ago
Description : A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 23:15:00 GMT

read more

CVE-2025-8741 - Macrozheng Mall Remote Cleartext Transmission of Sensitive Information Vulnerability

CVE ID : CVE-2025-8741
Published : Aug. 8, 2025, 10:16 p.m. | 8 hours, 13 minutes ago
Description : A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 22:16:00 GMT

read more

CVE-2025-8742 - Macrozheng Mall Admin Login Remote Authentication Bypass Vulnerability

CVE ID : CVE-2025-8742
Published : Aug. 8, 2025, 10:16 p.m. | 8 hours, 13 minutes ago
Description : A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 22:16:00 GMT

read more

CVE-2025-55188 - 7-Zip Symbolic Link Extraction Vulnerability

CVE ID : CVE-2025-55188
Published : Aug. 8, 2025, 9:15 p.m. | 8 hours, 12 minutes ago
Description : 7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 21:15:00 GMT

read more

CVE-2025-8739 - My-Blog CSRF Vulnerability

CVE ID : CVE-2025-8739
Published : Aug. 8, 2025, 9:15 p.m. | 8 hours, 12 minutes ago
Description : A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 21:15:00 GMT

read more

CVE-2025-8740 - My-Blog Category Handler Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8740
Published : Aug. 8, 2025, 9:15 p.m. | 8 hours, 12 minutes ago
Description : A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 21:15:00 GMT

read more

CVE-2025-8738 - "zlt2000 Microservices-Platform Spring Actuator Interface Information Disclosure Vulnerability"

CVE ID : CVE-2025-8738
Published : Aug. 8, 2025, 8:15 p.m. | 9 hours, 12 minutes ago
Description : A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 20:15:00 GMT

read more

CVE-2025-8737 - Open Redirect Vulnerability in zlt2000 Microservices-Platform

CVE ID : CVE-2025-8737
Published : Aug. 8, 2025, 8:15 p.m. | 7 hours, 11 minutes ago
Description : A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 20:15:00 GMT

read more

CVE-2012-10047 - Cyclope Employee Surveillance Solution SQL Injection RCE

CVE ID : CVE-2012-10047
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10048 - Zenoss Core Command Injection Vulnerability

CVE ID : CVE-2012-10048
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10049 - WebPageTest PHP File Upload RCE

CVE ID : CVE-2012-10049
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10050 - CuteFlow PHP File Upload Vulnerability (Arbitrary Code Execution)

CVE ID : CVE-2012-10050
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10051 - ProShow Producer Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2012-10051
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10052 - EGallery Arbitrary File Upload RCE

CVE ID : CVE-2012-10052
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10053 - Apache Simple Web Server HTTP Header Buffer Overflow

CVE ID : CVE-2012-10053
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2025-4796 - Eventin WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-4796
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\Speaker\Api\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2025-8735 - GNU cflow Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-8735
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2025-8736 - GNU cflow Lexer Buffer Overflow Vulnerability

CVE ID : CVE-2025-8736
Published : Aug. 8, 2025, 7:15 p.m. | 8 hours, 11 minutes ago
Description : A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10043 - ActFax Server Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2012-10043
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 5 minutes ago
Description : A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10044 - MobileCartly File Creation Vulnerability

CVE ID : CVE-2012-10044
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 5 minutes ago
Description : MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10045 - XODA PHP File Upload RCE

CVE ID : CVE-2012-10045
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 5 minutes ago
Description : XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10046 - "ESVA E-Mail Security Virtual Appliance Unauthenticated Command Injection"

CVE ID : CVE-2012-10046
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 5 minutes ago
Description : The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2010-10013 - AjaXplorer/Pydio Cells Remote Command Execution Vulnerability

CVE ID : CVE-2010-10013
Published : Aug. 8, 2025, 7:15 p.m. | 3 hours, 35 minutes ago
Description : An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10036 - Project Pier Arbitrary File Upload Vulnerability

CVE ID : CVE-2012-10036
Published : Aug. 8, 2025, 7:15 p.m. | 3 hours, 35 minutes ago
Description : Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. The uploaded file is stored with a predictable suffix and can be executed by requesting its URL, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10041 - Citrix WAN Emulator Unauthenticated Command Execution and Privilege Escalation Vulnerability

CVE ID : CVE-2012-10041
Published : Aug. 8, 2025, 7:15 p.m. | 3 hours, 35 minutes ago
Description : WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2012-10042 - Apache Sflog! CMS Remote File Upload Vulnerability

CVE ID : CVE-2012-10042
Published : Aug. 8, 2025, 7:15 p.m. | 3 hours, 35 minutes ago
Description : Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 19:15:00 GMT

read more

CVE-2025-52913 - Mitel MiCollab NuPoint Unified Messaging Path Traversal Vulnerability

CVE ID : CVE-2025-52913
Published : Aug. 8, 2025, 6:15 p.m. | 3 hours, 5 minutes ago
Description : A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-52914 - Mitel MiCollab SQL Injection Vulnerability

CVE ID : CVE-2025-52914
Published : Aug. 8, 2025, 6:15 p.m. | 3 hours, 5 minutes ago
Description : A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-5095 - Burk Technology ARC Solo Authentication Bypass

CVE ID : CVE-2025-5095
Published : Aug. 8, 2025, 6:15 p.m. | 3 hours, 5 minutes ago
Description : Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-8733 - GNU Bison Local Assertion Vulnerability

CVE ID : CVE-2025-8733
Published : Aug. 8, 2025, 6:15 p.m. | 3 hours, 5 minutes ago
Description : A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-8734 - GNU Bison Double Free Vulnerability

CVE ID : CVE-2025-8734
Published : Aug. 8, 2025, 6:15 p.m. | 3 hours, 5 minutes ago
Description : A vulnerability classified as problematic has been found in GNU Bison up to 3.8.2. Affected is the function code_free of the file src/scan-code.c. The manipulation leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-50927 - "EHCP FTP User List XSS"

CVE ID : CVE-2025-50927
Published : Aug. 8, 2025, 6:15 p.m. | 2 hours, 14 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-50928 - Easy Hosting Control Panel EHCP SQL Injection

CVE ID : CVE-2025-50928
Published : Aug. 8, 2025, 6:15 p.m. | 2 hours, 14 minutes ago
Description : Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 18:15:00 GMT

read more

CVE-2025-46414 - Apache IoT Device PIN Brute-Force Weakness

CVE ID : CVE-2025-46414
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN is entered. This vulnerability was patched in a server-side update on April 6, 2025.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-47872 - Cisco Product Serial Number Information Disclosure Vulnerability

CVE ID : CVE-2025-47872
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gain information on the product registration status of different S/Ns.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-50465 - Apache OpenMetadata SQL Injection

CVE ID : CVE-2025-50465
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-50466 - Apache OpenMetadata SQL Injection Vulnerability

CVE ID : CVE-2025-50466
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-50467 - Apache OpenMetadata SQL Injection Vulnerability

CVE ID : CVE-2025-50467
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-50468 - Apache OpenMetadata SQL Injection Vulnerability

CVE ID : CVE-2025-50468
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-53520 - EG4 Firmware Update Vulnerability - Unchecked Archive Exploitation

CVE ID : CVE-2025-53520
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files without integrity checks. The TTComp archive format used for the firmware is unencrypted and can be unpacked and altered without detection.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-8284 - Packet Power Monitoring and Control Web Interface Authentication Bypass

CVE ID : CVE-2025-8284
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-8393 - "Fortnite Phone TLS Accepts Self-Signed Certificates"

CVE ID : CVE-2025-8393
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-8732 - Libxml2 SGML Catalog Recursion Vulnerability

CVE ID : CVE-2025-8732
Published : Aug. 8, 2025, 5:15 p.m. | 2 hours, 5 minutes ago
Description : A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 17:15:00 GMT

read more

CVE-2025-4576 - Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-4576
Published : Aug. 8, 2025, 4:15 p.m. | 3 hours, 5 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/entry_cover_image_caption.jsp
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 16:15:00 GMT

read more

CVE-2025-52586 - "Vulnerability in Schneider Electric Inverter Command Traffic"

CVE ID : CVE-2025-52586
Published : Aug. 8, 2025, 4:15 p.m. | 3 hours, 5 minutes ago
Description : The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 16:15:00 GMT

read more

CVE-2025-8355 - Xerox FreeFlow Core XML SSRF Vulnerability

CVE ID : CVE-2025-8355
Published : Aug. 8, 2025, 4:15 p.m. | 3 hours, 5 minutes ago
Description : In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 16:15:00 GMT

read more

CVE-2025-8356 - Xerox FreeFlow Core Path Traversal Remote Code Execution

CVE ID : CVE-2025-8356
Published : Aug. 8, 2025, 4:15 p.m. | 3 hours, 5 minutes ago
Description : In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 16:15:00 GMT

read more

CVE-2025-8731 - TRENDnet SSH Service Default Credentials Vulnerability (Critical)

CVE ID : CVE-2025-8731
Published : Aug. 8, 2025, 4:15 p.m. | 3 hours, 5 minutes ago
Description : A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 16:15:00 GMT

read more

CVE-2025-36023 - IBM Cloud Pak for Business Automation Information Disclosure Vulnerability

CVE ID : CVE-2025-36023
Published : Aug. 8, 2025, 3:15 p.m. | 4 hours, 5 minutes ago
Description : IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 15:15:00 GMT

read more

CVE-2025-36119 - IBM Digital Certificate Manager for i Web Session Hijacking Privilege Escalation

CVE ID : CVE-2025-36119
Published : Aug. 8, 2025, 3:15 p.m. | 4 hours, 5 minutes ago
Description : IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 15:15:00 GMT

read more

CVE-2025-8730 - Belkin Web Interface Hard-Coded Credentials Remote Vulnerability

CVE ID : CVE-2025-8730
Published : Aug. 8, 2025, 3:15 p.m. | 4 hours, 5 minutes ago
Description : A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 15:15:00 GMT

read more

CVE-2020-9322 - Statamic Core XSS Vulnerability

CVE ID : CVE-2020-9322
Published : Aug. 8, 2025, 3:15 p.m. | 2 hours, 5 minutes ago
Description : The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 15:15:00 GMT

read more

CVE-2025-8729 - MigoXLab LMeterX Remote Path Traversal Vulnerability

CVE ID : CVE-2025-8729
Published : Aug. 8, 2025, 2:15 p.m. | 3 hours, 5 minutes ago
Description : A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. The manipulation of the argument task_id leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is f1b00597e293d09452aabd4fa57f3185207350e8. It is recommended to apply a patch to fix this issue.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 14:15:00 GMT

read more

CVE-2025-8088 - WinRAR Windows Path Traversal RCE

CVE ID : CVE-2025-8088
Published : Aug. 8, 2025, 12:15 p.m. | 5 hours, 5 minutes ago
Description : A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 12:15:00 GMT

read more

CVE-2025-8749 - MiR API Path Traversal Vulnerability

CVE ID : CVE-2025-8749
Published : Aug. 8, 2025, 12:15 p.m. | 5 hours, 5 minutes ago
Description : Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 12:15:00 GMT

read more

CVE-2025-8748 - MiR Command Injection Vulnerability

CVE ID : CVE-2025-8748
Published : Aug. 8, 2025, 11:15 a.m. | 6 hours, 5 minutes ago
Description : MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 11:15:00 GMT

read more

CVE-2025-48913 - Apache CXF JMS Untrusted Configuration RCE

CVE ID : CVE-2025-48913
Published : Aug. 8, 2025, 10:15 a.m. | 7 hours, 5 minutes ago
Description : If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 10:15:00 GMT

read more

CVE-2025-53606 - Apache Seata (incubating) Deserialization of Untrusted Data Remote Code Execution

CVE ID : CVE-2025-53606
Published : Aug. 8, 2025, 10:15 a.m. | 7 hours, 5 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 10:15:00 GMT

read more

CVE-2025-6572 - OpenStreetMap for Gutenberg WPBakery Page Builder Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6572
Published : Aug. 8, 2025, 6:15 a.m. | 11 hours, 5 minutes ago
Description : The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 06:15:00 GMT

read more

CVE-2025-54940 - WordPress Advanced Custom Fields HTML Injection Vulnerability

CVE ID : CVE-2025-54940
Published : Aug. 8, 2025, 5:15 a.m. | 12 hours, 5 minutes ago
Description : An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 05:15:00 GMT

read more

CVE-2025-54958 - Powered BLUE OS Command Injection Vulnerability

CVE ID : CVE-2025-54958
Published : Aug. 8, 2025, 5:15 a.m. | 12 hours, 5 minutes ago
Description : Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 05:15:00 GMT

read more

CVE-2025-54959 - BLUE Server File Traversal Vulnerability

CVE ID : CVE-2025-54959
Published : Aug. 8, 2025, 5:15 a.m. | 12 hours, 5 minutes ago
Description : Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vulnerability is exploited, an arbitrary file in the affected product may be disclosed.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 05:15:00 GMT

read more

CVE-2024-58256 - EnzoH OS Command Injection Vulnerability

CVE ID : CVE-2024-58256
Published : Aug. 8, 2025, 4:16 a.m. | 13 hours, 4 minutes ago
Description : EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 04:16:00 GMT

read more

CVE-2024-58257 - EnzoH OS Command Injection

CVE ID : CVE-2024-58257
Published : Aug. 8, 2025, 4:16 a.m. | 13 hours, 4 minutes ago
Description : EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 04:16:00 GMT

read more

CVE-2024-58255 - EnzoH OS Command Injection Vulnerability

CVE ID : CVE-2024-58255
Published : Aug. 8, 2025, 4:15 a.m. | 13 hours, 4 minutes ago
Description : EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 04:15:00 GMT

read more

CVE-2025-8707 - Huuge Box App Improper Android Application Component Export Vulnerability

CVE ID : CVE-2025-8707
Published : Aug. 8, 2025, 3:15 a.m. | 14 hours, 5 minutes ago
Description : A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 03:15:00 GMT

read more

CVE-2025-8708 - Antabot White-Jotter Deserialization Vulnerability

CVE ID : CVE-2025-8708
Published : Aug. 8, 2025, 3:15 a.m. | 14 hours, 5 minutes ago
Description : A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 03:15:00 GMT

read more

CVE-2025-8706 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8706
Published : Aug. 8, 2025, 2:15 a.m. | 15 hours, 5 minutes ago
Description : A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 02:15:00 GMT

read more

CVE-2025-54886 - Skops Remote Code Execution Vulnerability

CVE ID : CVE-2025-54886
Published : Aug. 8, 2025, 1:15 a.m. | 14 hours, 58 minutes ago
Description : skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops' secure loading with trusted type validation, raising errors for untrusted types unless explicitly allowed. However, when non-.zip file formats are provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, bypassing security measures and potentially enabling malicious code execution. This issue is fixed in version 0.13.0.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-54887 - jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability

CVE ID : CVE-2025-54887
Published : Aug. 8, 2025, 1:15 a.m. | 14 hours, 58 minutes ago
Description : jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-8703 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8703
Published : Aug. 8, 2025, 1:15 a.m. | 14 hours, 58 minutes ago
Description : A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-8704 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection

CVE ID : CVE-2025-8704
Published : Aug. 8, 2025, 1:15 a.m. | 14 hours, 58 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulation of the argument resultId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-8705 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8705
Published : Aug. 8, 2025, 1:15 a.m. | 14 hours, 58 minutes ago
Description : A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BP_ProID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-54793 - Astro Open Redirect Vulnerability

CVE ID : CVE-2025-54793
Published : Aug. 8, 2025, 1:15 a.m. | 14 hours, 5 minutes ago
Description : Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk of phishing and other social engineering attacks. This affects sites that use on-demand rendering (SSR) with the Node or Cloudflare adapters. It does not affect static sites, or sites deployed to Netlify or Vercel. This issue is fixed in version 5.12.8. To work around this issue at the network level, block outgoing redirect responses with a Location header value that starts with `//`.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-54368 - "uv ZIP Archive Extraction Vulnerability"

CVE ID : CVE-2025-54368
Published : Aug. 8, 2025, 12:15 a.m. | 15 hours, 4 minutes ago
Description : uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. An attacker could also contrive a "stacked" ZIP input with multiple internal ZIPs, which would be handled differently by different package installers. The attacker could choose which installer to target in both scenarios. This issue is fixed in version 0.8.6. To work around this issue, users may choose to set UV_INSECURE_NO_ZIP_VALIDATION=1 to revert to the previous behavior.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 00:15:00 GMT

read more

CVE-2025-54952 - ExecuTorch Integer Overflow Code Execution Vulnerability

CVE ID : CVE-2025-54952
Published : Aug. 8, 2025, 12:15 a.m. | 15 hours, 4 minutes ago
Description : An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 00:15:00 GMT

read more

CVE-2025-8702 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8702
Published : Aug. 8, 2025, 12:15 a.m. | 15 hours, 4 minutes ago
Description : A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 00:15:00 GMT

read more

Fuite de données chez Optic 2000

civité, nom, prénom, numéro de sécurité sociale, date de naissance, adresse postale, n° client, n° de téléphone, magasin concerné, nom de l’opticien

Fri Aug 08 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-54951 - ExecuTorch Buffer Overflow Vulnerabilities

CVE ID : CVE-2025-54951
Published : Aug. 7, 2025, 11:15 p.m. | 15 hours, 12 minutes ago
Description : A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-54949 - ExecuTorch Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-54949
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 40 minutes ago
Description : A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-54950 - Oracle ExecuTorch Out-of-Bounds Access Code Execution

CVE ID : CVE-2025-54950
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 40 minutes ago
Description : An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-30405 - ExecuTorch Integer Overflow Code Execution Vulnerability

CVE ID : CVE-2025-30405
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 2 minutes ago
Description : An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-30404 - Apache ExecuTorch Integer Overflow Code Execution

CVE ID : CVE-2025-30404
Published : Aug. 7, 2025, 11:15 p.m. | 10 hours, 33 minutes ago
Description : An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-54787 - SuiteCRM Unauthenticated File Download Vulnerability

CVE ID : CVE-2025-54787
Published : Aug. 7, 2025, 10:15 p.m. | 11 hours, 33 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID. Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 22:15:00 GMT

read more

CVE-2025-53787 - Microsoft 365 Copilot BizChat Sensitive Data Exposure

CVE ID : CVE-2025-53787
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-53792 - Azure Portal Unauthenticated Remote Command Injection

CVE ID : CVE-2025-53792
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : Azure Portal Elevation of Privilege Vulnerability
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-8698 - Open5GS AMF Service Assertion Vulnerability

CVE ID : CVE-2025-8698
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-8701 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8701
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_OprationLog/GetPageList. The manipulation of the argument optUser leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-45765 - Apache Ruby-JWT Weak Encryption Vulnerability

CVE ID : CVE-2025-45765
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 22 minutes ago
Description : ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-53767 - Azure OpenAI Privilege Escalation

CVE ID : CVE-2025-53767
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 22 minutes ago
Description : Azure OpenAI Elevation of Privilege Vulnerability
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-53774 - Microsoft 365 Copilot BizChat Unauthenticated Data Exposure

CVE ID : CVE-2025-53774
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 22 minutes ago
Description : Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-26513 - EMC SAN Host Utilities Privilege Escalation Vulnerability

CVE ID : CVE-2025-26513
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 3 minutes ago
Description : The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-48709 - BMC Control-M Cleartext Credentials Exposure Vulnerability

CVE ID : CVE-2025-48709
Published : Aug. 7, 2025, 8:15 p.m. | 7 hours, 3 minutes ago
Description : An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47183 - GStreamer Isomp4 Information Disclosure

CVE ID : CVE-2025-47183
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47219 - GStreamer isomp4 Information Disclosure Vulnerability

CVE ID : CVE-2025-47219
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47806 - GStreamer Subparse Buffer Overflow

CVE ID : CVE-2025-47806
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47807 - GStreamer Subparse NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-47807
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47808 - GStreamer Subparse NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-47808
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-7195 - Operator-SDK Insecure User Setup Permissions Vulnerability

CVE ID : CVE-2025-7195
Published : Aug. 7, 2025, 7:15 p.m. | 5 hours, 34 minutes ago
Description : Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-8697 - AgentUniverse MCPSessionManager/MCPTool/MCPToolkit Os Command Injection Vulnerability

CVE ID : CVE-2025-8697
Published : Aug. 7, 2025, 7:15 p.m. | 5 hours, 34 minutes ago
Description : A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-50675 - GPMAW Unprivileged Privilege Escalation Vulnerability

CVE ID : CVE-2025-50675
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-50692 - FoxCMS Remote Code Execution Vulnerability

CVE ID : CVE-2025-50692
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-51533 - Sage DPW IDOR Vulnerability

CVE ID : CVE-2025-51533
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-55077 - Tyler Technologies ERP Pro 9 SaaS Privilege Escalation Command Injection

CVE ID : CVE-2025-55077
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2023-41530 - "MediCare SQL Injection"

CVE ID : CVE-2023-41530
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41531 - Hospital Management System SQL Injection Vulnerability

CVE ID : CVE-2023-41531
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41532 - Medicore Hospital Management System SQL Injection

CVE ID : CVE-2023-41532
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2025-51629 - Eccobook PdfViewer XSS

CVE ID : CVE-2025-51629
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41521 - SAM System SQL Injection Vulnerability

CVE ID : CVE-2023-41521
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41522 - SAMSS SQL Injection Vulnerability

CVE ID : CVE-2023-41522
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41523 - SAMSS SQL Injection

CVE ID : CVE-2023-41523
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41524 - SAM System SQL Injection

CVE ID : CVE-2023-41524
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41525 - MedCare Hospital Management System SQL Injection

CVE ID : CVE-2023-41525
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41526 - "MediCare Hospital Management System SQL Injection Vulnerability"

CVE ID : CVE-2023-41526
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41527 - Medcare Hospital Management System SQL Injection

CVE ID : CVE-2023-41527
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41528 - "MediCare SQL Injection Vulnerability"

CVE ID : CVE-2023-41528
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41529 - "MediSys Hospital Management System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2023-41529
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-40992 - Apache Hospital Management System SQL Injection Vulnerability

CVE ID : CVE-2023-40992
Published : Aug. 7, 2025, 6:15 p.m. | 1 hour, 16 minutes ago
Description : Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41519 - SAM System Cross-Site Scripting Vulnerability

CVE ID : CVE-2023-41519
Published : Aug. 7, 2025, 6:15 p.m. | 1 hour, 16 minutes ago
Description : Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41520 - SAM System SQL Injection Vulnerability

CVE ID : CVE-2023-41520
Published : Aug. 7, 2025, 6:15 p.m. | 1 hour, 16 minutes ago
Description : Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2025-54397 - Netwrix Directory Manager Information Disclosure Vulnerability

CVE ID : CVE-2025-54397
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 16 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-55137 - Apache LinkJoin Authentication Bypass

CVE ID : CVE-2025-55137
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 16 minutes ago
Description : LinkJoin through 882f196 mishandles lacks type checking in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-55138 - LinkJoin Password Reset Token Ownership Vulnerability

CVE ID : CVE-2025-55138
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 16 minutes ago
Description : LinkJoin through 882f196 mishandles token ownership in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34152 - "Aitemi M300 Wi-Fi Repeater OS Command Injection"

CVE ID : CVE-2025-34152
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54392 - Netwrix Directory Manager Cross-Site Scripting

CVE ID : CVE-2025-54392
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54393 - Netwrix Directory Manager Static Code Injection Vulnerability

CVE ID : CVE-2025-54393
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54394 - Netwrix Directory Manager Insufficiently Protected Credentials Vulnerability

CVE ID : CVE-2025-54394
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54395 - Netwrix Directory Manager XSS Vulnerability

CVE ID : CVE-2025-54395
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54396 - Netwrix Directory Manager SQL Injection

CVE ID : CVE-2025-54396
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2024-42048 - OpenOrange Business Framework Privilege Escalation

CVE ID : CVE-2024-42048
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-24000 - WPExperts Post SMTP Authentication Bypass

CVE ID : CVE-2025-24000
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass.This issue affects Post SMTP: from n/a through 3.2.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34148 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection Vulnerability

CVE ID : CVE-2025-34148
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resulting in full device compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34149 - Shenzhen Aitemi M300 Wi-Fi Repeater WPA2 Command Injection

CVE ID : CVE-2025-34149
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34150 - Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Command Injection Vulnerability

CVE ID : CVE-2025-34150
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34151 - Shenzhen Aitemi M300 Wi-Fi Repeater Command Injection Vulnerability

CVE ID : CVE-2025-34151
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2024-56339 - IBM WebSphere Application Server Bypass of Security Restrictions Vulnerability

CVE ID : CVE-2024-56339
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-44779 - Ollama File Deletion Remote Code Execution

CVE ID : CVE-2025-44779
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-47907 - Apache Cassandra Rows QueryLogic Race Condition

CVE ID : CVE-2025-47907
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55133 - Agora Foundation Agora Cross-Site Scripting (XSS)

CVE ID : CVE-2025-55133
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55134 - "Agora Foundation Agora XSS Injection Vulnerability"

CVE ID : CVE-2025-55134
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55135 - Agora Foundation Agora XSS via SVG Profile Picture

CVE ID : CVE-2025-55135
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55136 - ERC Insecure Deserialization Vulnerability

CVE ID : CVE-2025-55136
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-7054 - Cloudflare Quiche Infinite QUIC Connection ID Retirement Loop Vulnerability

CVE ID : CVE-2025-7054
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs that are used by the remote peer to populate the Destination Connection ID field in packets sent from remote to local. Each Connection ID has a sequence number to ensure synchronization between peers. An unauthenticated remote attacker can exploit this vulnerability by first completing a handshake and then sending a specially-crafted set of frames that trigger a connection ID retirement in the victim. When the victim attempts to send a packet containing RETIRE_CONNECTION_ID frames, Section 19.16 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-19.6 requires that the sequence number of the retired connection ID must not be the same as the sequence number of the connection ID used by the packet. In other words, a packet cannot contain a frame that retires itself. In scenarios such as path migration, it is possible for there to be multiple active paths with different active connection IDs that could be used to retire each other. The exploit triggered an unintentional behaviour of a quiche design feature that supports retirement across paths while maintaining full connection ID synchronization, leading to an infinite loop.This issue affects quiche: from 0.15.0 before 0.24.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-47188 - Mitel SIP Phones Command Injection Vulnerability

CVE ID : CVE-2025-47188
Published : Aug. 7, 2025, 3:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 15:15:00 GMT

read more

CVE-2025-50952 - OpenJPEG NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-50952
Published : Aug. 7, 2025, 3:15 p.m. | 2 hours, 16 minutes ago
Description : openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 15:15:00 GMT

read more

CVE-2024-52680 - EyouCMS Cross Site Scripting Vulnerability

CVE ID : CVE-2024-52680
Published : Aug. 7, 2025, 2:15 p.m. | 3 hours ago
Description : EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 14:15:00 GMT

read more

CVE-2024-55401 - 4C Strategies Exonaut Directory Traversal Vulnerability

CVE ID : CVE-2024-55401
Published : Aug. 7, 2025, 2:15 p.m. | 3 hours ago
Description : An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 14:15:00 GMT

read more

CVE-2025-8533 - Fantastical XPC Services Unauthenticated Remote Code Execution

CVE ID : CVE-2025-8533
Published : Aug. 7, 2025, 10:15 a.m. | 7 hours ago
Description : A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 10:15:00 GMT

read more

CVE-2025-29866 - TAGFREE X-Free Uploader Path Traversal Vulnerability

CVE ID : CVE-2025-29866
Published : Aug. 7, 2025, 6:15 a.m. | 11 hours ago
Description : : External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 06:15:00 GMT

read more

CVE-2025-35970 - SEIKO EPSON and FUJIFILM SNMP Guessable Administrator Password Vulnerability

CVE ID : CVE-2025-35970
Published : Aug. 7, 2025, 6:15 a.m. | 11 hours ago
Description : On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 06:15:00 GMT

read more

CVE-2025-32094 - Akamai Ghost HTTP Request Smuggling Vulnerability

CVE ID : CVE-2025-32094
Published : Aug. 7, 2025, 5:15 a.m. | 12 hours ago
Description : An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 05:15:00 GMT

read more

CVE-2025-29865 - TAGFREE X-Free Uploader Path Traversal Vulnerability

CVE ID : CVE-2025-29865
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8576 - "Google Chrome Extensions Use After Free Heap Corruption Vulnerability"

CVE ID : CVE-2025-8576
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8577 - Google Chrome Picture In Picture UI Spoofing Vulnerability

CVE ID : CVE-2025-8577
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8578 - Google Chrome Use After Free Heap Corruption Vulnerability

CVE ID : CVE-2025-8578
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8579 - Google Chrome Picture In Picture UI Spoofing Vulnerability

CVE ID : CVE-2025-8579
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8580 - Google Chrome Filesystems UI Spoofing Vulnerability

CVE ID : CVE-2025-8580
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8581 - Google Chrome Extensions Cross-Origin Data Leakage

CVE ID : CVE-2025-8581
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8582 - Google Chrome URL Bar Spoofing Vulnerability

CVE ID : CVE-2025-8582
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8583 - Google Chrome Permissions UI Spoofing Vulnerability

CVE ID : CVE-2025-8583
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-3770 - EDK2 BIOS Bootkit Execution

CVE ID : CVE-2025-3770
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54783 - SuiteCRM Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-54783
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include some arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but allow the JavaScript code to execute. This is fixed in version 7.14.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54784 - SuiteCRM Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-54784
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance. By simply viewing emails as the logged-in user, the payload can be triggered. With that, an attacker is able to run arbitrary actions as the logged-in user - like extracting data, or if it is an admin executing the payload, takeover the instance. This is fixed in versions 7.14.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54798 - tmp Node.js Symbolic Link Directory Write Vulnerability

CVE ID : CVE-2025-54798
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54799 - Lego ACME Library HTTP to HTTPS Enforcement Weakness

CVE ID : CVE-2025-54799
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME challenge over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to performs ACME functions. However, the library fails to enforce HTTPS both in the original discover URL (configured by the library user) and in the subsequent addresses returned by the CAs in the directory and order objects. If users input HTTP URLs or CAs misconfigure endpoints, protocol operations occur over HTTP instead of HTTPS. This compromises privacy by exposing request/response details like account and request identifiers to network attackers. This was fixed in version 4.25.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54882 - Microsoft Azure Entra ID and Intune Himmelblau World Readable Kerberos Credential Cache

CVE ID : CVE-2025-54882
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54885 - Thinbus Javascript Secure Remote Password SRP6a Protocol Compliance Bug

CVE ID : CVE-2025-54885
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime (defaulted to 2048 bits). The client public value is being generated from a private value that is 4 bits below the specification. This reduces the protocol's designed security margin it is now practically exploitable. The servers full sized 2048 bit random number is used to create the shared session key and password proof. This is fixed in version 2.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54788 - SuiteCRM InboundEmail SQL Injection Vulnerability

CVE ID : CVE-2025-54788
Published : Aug. 7, 2025, 12:15 a.m. | 15 hours, 49 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 00:15:00 GMT

read more

CVE-2025-54785 - SuiteCRM PHP Object Injection Vulnerability

CVE ID : CVE-2025-54785
Published : Aug. 7, 2025, 12:15 a.m. | 15 hours ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 00:15:00 GMT

read more

CVE-2025-54786 - SuiteCRM Broken Authentication in iCal Service

CVE ID : CVE-2025-54786
Published : Aug. 7, 2025, 12:15 a.m. | 15 hours ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 00:15:00 GMT

read more

CVE-2023-3194 - CVE-2022-1234: Apache Struts Remote Code Execution

CVE ID : CVE-2023-3194
Published : Aug. 6, 2025, 11:15 p.m. | 14 hours, 15 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 23:15:00 GMT

read more

CVE-2025-8086 - Apache HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-8086
Published : Aug. 6, 2025, 11:15 p.m. | 14 hours, 15 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 23:15:00 GMT

read more

CVE-2025-7770 - Tigo Energy CCA Predictable Session ID Vulnerability

CVE ID : CVE-2025-7770
Published : Aug. 6, 2025, 9:15 p.m. | 11 hours, 59 minutes ago
Description : Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-7768 - Tigo Energy CCA Hard-Coded Credentials Vulnerability

CVE ID : CVE-2025-7768
Published : Aug. 6, 2025, 9:15 p.m. | 8 hours, 32 minutes ago
Description : Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-7769 - Tigo Energy CCA Command Injection Vulnerability

CVE ID : CVE-2025-7769
Published : Aug. 6, 2025, 9:15 p.m. | 8 hours, 32 minutes ago
Description : Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary commands on the device that could cause potential unauthorized access, service disruption, and data exposure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-6634 - Autodesk 3ds Max Memory Corruption Vulnerability

CVE ID : CVE-2025-6634
Published : Aug. 6, 2025, 9:15 p.m. | 7 hours, 59 minutes ago
Description : A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51052 - Vedo Suite Path Traversal Vulnerability

CVE ID : CVE-2025-51052
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51053 - Vedo Suite Cross-site Scripting (XSS)

CVE ID : CVE-2025-51053
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51054 - Vedo Suite Authentication Bypass

CVE ID : CVE-2025-51054
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51055 - Vedo Suite Insecure Data Storage Vulnerability

CVE ID : CVE-2025-51055
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51056 - Vedo Suite Unrestricted File Upload RCE

CVE ID : CVE-2025-51056
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51057 - Vedo Suite LFI Vulnerability

CVE ID : CVE-2025-51057
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51058 - Bottinelli Informatical Vedo Suite SSRF

CVE ID : CVE-2025-51058
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-6632 - Autodesk 3ds Max Out-of-Bounds Read

CVE ID : CVE-2025-6632
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-6633 - Autodesk 3ds Max Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-6633
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2024-55398 - 4C Strategies Exonaut Insecure Permissions Vulnerability

CVE ID : CVE-2024-55398
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2024-55399 - 4C Strategies Exonaut SSRF

CVE ID : CVE-2024-55399
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2024-55402 - 4C Strategies Exonaut Authentication Bypass Vulnerability

CVE ID : CVE-2024-55402
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-46660 - 4C Strategies Exonaut Hashing Without Salt Vulnerability

CVE ID : CVE-2025-46660
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-47908 - Apache Middleware Denial of Service Vulnerability

CVE ID : CVE-2025-47908
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-50740 - AutoConnect Arduino Library XSS Vulnerability

CVE ID : CVE-2025-50740
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-38746 - Dell SupportAssist OS Recovery Exposure of Sensitive Information to an Unauthorized Actor

CVE ID : CVE-2025-38746
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-38747 - Dell SupportAssist Elevation of Privileges Vulnerability

CVE ID : CVE-2025-38747
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-45764 - jsrsasign RSA Key Encryption Weakness

CVE ID : CVE-2025-45764
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : jsrsasign v11.1.0 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-45766 - Poco Weak Encryption Vulnerability

CVE ID : CVE-2025-45766
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : poco v1.14.1-release was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-46659 - "4C Strategies Exonaut External HTTPS Information Disclosure"

CVE ID : CVE-2025-46659
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-51624 - Zone Bitaqati Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51624
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-8130 - Apache Struts Command Injection Vulnerability

CVE ID : CVE-2025-8130
Published : Aug. 6, 2025, 7:15 p.m. | 2 hours, 11 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 19:15:00 GMT

read more

CVE-2025-8667 - SkyworkAI DeepResearchAgent OS Command Injection Vulnerability

CVE ID : CVE-2025-8667
Published : Aug. 6, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 18:15:00 GMT

read more

CVE-2025-20215 - Cisco Webex Meetings Unauthenticated Meeting-Join Vulnerability

CVE ID : CVE-2025-20215
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-20331 - Cisco ISE/Cisco ISE-PIC Stored XSS Vulnerability

CVE ID : CVE-2025-20331
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on the affected device.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-20332 - Cisco ISE HTTP Request Forgery (Remote Code Execution)

CVE ID : CVE-2025-20332
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-30127 - Marbella KR8s Dashcam FF Information Disclosure and File Access Vulnerability

CVE ID : CVE-2025-30127
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-8419 - Keycloak SMTP Injection Vulnerability

CVE ID : CVE-2025-8419
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-8665 - Agno-agi Agno Os Command Injection Vulnerability

CVE ID : CVE-2025-8665
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2024-8244 - Go filepath Symbolic Link TOCTOU

CVE ID : CVE-2024-8244
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-48393 - Eaton Firmware Man-in-the-Middle Attack Vulnerability

CVE ID : CVE-2025-48393
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-48394 - Eaton File Traversal Vulnerability

CVE ID : CVE-2025-48394
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-51531 - Sage DPW Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51531
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024.12.003 allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injcting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. This is fixed in Halbjahresversion 2024_12_004.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-51532 - Sage DPW Unauthenticated Access Control Bypass Vulnerability

CVE ID : CVE-2025-51532
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : Incorrect access control in Sage DPW v2024.12.003 allows unauthorized attackers to access the built-in Database Monitor via a crafted request. This is fixed in Halbjahresversion 2024_12_004.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-53786 - Microsoft Exchange Server Hybrid Deployment Authentication Bypass Vulnerability

CVE ID : CVE-2025-53786
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-50234 - MCCMS SSRF Flaw

CVE ID : CVE-2025-50234
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-50286 - Grav CMS Remote Code Execution

CVE ID : CVE-2025-50286
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-51040 - Electrolink FM/DAB/TV Transmitter Web Unauthorized Access

CVE ID : CVE-2025-51040
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-51306 - Gatling Enterprise Session Token Expired

CVE ID : CVE-2025-51306
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-51308 - Gatling Enterprise Information Disclosure Vulnerability

CVE ID : CVE-2025-51308
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2024-52885 - Fortinet Mobile Access Portal Directory Traversal Vulnerability

CVE ID : CVE-2024-52885
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-2028 - Apache Log4j Country Flag IP Information Disclosure

CVE ID : CVE-2025-2028
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-36020 - IBM Guardium Data Protection Cleartext Credential Disclosure

CVE ID : CVE-2025-36020
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-50233 - QCMS File Inclusion Vulnerability

CVE ID : CVE-2025-50233
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-3320 - IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3320
Published : Aug. 6, 2025, 2:15 p.m. | 5 hours, 8 minutes ago
Description : IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 14:15:00 GMT

read more

CVE-2025-3354 - IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3354
Published : Aug. 6, 2025, 2:15 p.m. | 5 hours, 8 minutes ago
Description : IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 14:15:00 GMT

read more

CVE-2025-8616 - OpenText Advanced Authentication Browser Plugin Authentication Bypass

CVE ID : CVE-2025-8616
Published : Aug. 6, 2025, 2:15 p.m. | 5 hours, 8 minutes ago
Description : A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 14:15:00 GMT

read more

CVE-2025-23325 - NVIDIA Triton Inference Server Recursion Denial of Service

CVE ID : CVE-2025-23325
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23326 - NVIDIA Triton Inference Server Integer Overflow Denial of Service

CVE ID : CVE-2025-23326
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23327 - NVIDIA Triton Inference Server Integer Overflow Vulnerability

CVE ID : CVE-2025-23327
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23331 - NVIDIA Triton Inference Server Denial of Service (DoS)

CVE ID : CVE-2025-23331
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23333 - NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-23333
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23334 - NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-23334
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23335 - NVIDIA Triton Inference Server Denial of Service Underflow

CVE ID : CVE-2025-23335
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23310 - NVIDIA Triton Inference Server Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-23310
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23311 - NVIDIA Triton Inference Server Stack Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-23311
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23317 - NVIDIA Triton Inference Server HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-23317
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23318 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write

CVE ID : CVE-2025-23318
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23319 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write Remote Code Execution Vulnerability

CVE ID : CVE-2025-23319
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23320 - NVIDIA Triton Inference Server Memory Information Disclosure

CVE ID : CVE-2025-23320
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23321 - NVIDIA Triton Inference Server Divide by Zero Denial of Service

CVE ID : CVE-2025-23321
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23322 - NVIDIA Triton Inference Server Double Free Denial of Service Vulnerability

CVE ID : CVE-2025-23322
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23323 - NVIDIA Triton Inference Server Integer Overflow Denial of Service

CVE ID : CVE-2025-23323
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23324 - NVIDIA Triton Inference Server Integer Overflow Denial of Service

CVE ID : CVE-2025-23324
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-5197 - Hugging Face Transformers ReDoS Vulnerability

CVE ID : CVE-2025-5197
Published : Aug. 6, 2025, 12:15 p.m. | 2 hours, 58 minutes ago
Description : A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 12:15:00 GMT

read more

CVE-2025-46388 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-46388
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46389 - Microsoft Azure Active Directory Password Change

CVE ID : CVE-2025-46389
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-620: Unverified Password Change
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46390 - Apache Web Server HTTP Response Manipulation Vulnerability

CVE ID : CVE-2025-46390
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-204: Observable Response Discrepancy
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46391 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-46391
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-284: Improper Access Control
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46386 - Apache Struts Authentication Bypass

CVE ID : CVE-2025-46386
Published : Aug. 6, 2025, 11:15 a.m. | 1 hour, 41 minutes ago
Description : CWE-639 Authorization Bypass Through User-Controlled Key
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46387 - Apache Struts SSRF

CVE ID : CVE-2025-46387
Published : Aug. 6, 2025, 11:15 a.m. | 1 hour, 41 minutes ago
Description : CWE-639 Authorization Bypass Through User-Controlled Key
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-22469 - Siemens SIMATIC S7-1200 OS Command Injection Vulnerability

CVE ID : CVE-2025-22469
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a certain non-administrative user privilege.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-22470 - Siemens SIMATIC CL4/6NX Plus Lua File Execution Vulnerability

CVE ID : CVE-2025-22470
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-6013 - Vault LDAP MFA Enforcement Weakness

CVE ID : CVE-2025-6013
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-7771 - "ThrottleStop.sys Kernel Memory Access Vulnerability"

CVE ID : CVE-2025-7771
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-8620 - GiveWP Information Exposure Vulnerability

CVE ID : CVE-2025-8620
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-7202 - Elgato Key Lights CSRF Vulnerability

CVE ID : CVE-2025-7202
Published : Aug. 6, 2025, 9:15 a.m. | 3 hours, 41 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 09:15:00 GMT

read more

CVE-2025-8556 - CIRCL FourQ Elliptic Curve Diffie-Hellman Key Exchange Session Compromise

CVE ID : CVE-2025-8556
Published : Aug. 6, 2025, 9:15 a.m. | 3 hours, 41 minutes ago
Description : A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 09:15:00 GMT

read more

CVE-2025-27066 - "Qualcomm Wi-Fi ANQP Message Processing Denial of Service"

CVE ID : CVE-2025-27066
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Transient DOS while processing an ANQP message.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27067 - Intel Graphics Memory Corruption Vulnerability

CVE ID : CVE-2025-27067
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing DDI call with invalid buffer.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27068 - Apache ExoPlayer IOCTL Memory Corruption

CVE ID : CVE-2025-27068
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing an IOCTL command with an arbitrary address.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27069 - Citrix Hypervisor Memory Corruption Vulnerability

CVE ID : CVE-2025-27069
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing DDI command calls.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27071 - Powerline Communication Firmware Buffer Overflow

CVE ID : CVE-2025-27071
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing specific files in Powerline Communication Firmware.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27072 - Cisco EAVB Header Length Information Disclosure Vulnerability

CVE ID : CVE-2025-27072
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Information disclosure while processing a packet at EAVB BE side with invalid header length.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27073 - Cisco Nexus Series: Denial of Service Vulnerability

CVE ID : CVE-2025-27073
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Transient DOS while creating NDP instance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27075 - Qualcomm Bluetooth Host Memory Corruption Vulnerability

CVE ID : CVE-2025-27075
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27076 - Citrix NetScaler Memory Corruption Vulnerability

CVE ID : CVE-2025-27076
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing simultaneous requests via escape path.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-47324 - D-Link Powerline Information Disclosure Vulnerability

CVE ID : CVE-2025-47324
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Information disclosure while accessing and modifying the PIB file of a remote device via powerline.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-7954 - Shopware Voucher System Race Condition

CVE ID : CVE-2025-7954
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21465 - Cisco Networking Equipment Information Disclosure

CVE ID : CVE-2025-21465
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Information disclosure while processing the hash segment in an MBN file.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21472 - Citrix eSE Debug Information Disclosure Vulnerability

CVE ID : CVE-2025-21472
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Information disclosure while capturing logs as eSE debug messages are logged.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21473 - Cisco Camera Data Mover (CDM) Register Write Memory Corruption Vulnerability

CVE ID : CVE-2025-21473
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21474 - Samsung Android A2dp Sink Command Queue Memory Corruption Vulnerability

CVE ID : CVE-2025-21474
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Memory corruption while processing commands from A2dp sink command queue.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21477 - Oracle NetWare CCCH Data Handling Denial of Service Vulnerability

CVE ID : CVE-2025-21477
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Transient DOS while processing CCCH data when NW sends data with invalid length.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27062 - Apache Kafka Deserialization Memory Corruption Vulnerability

CVE ID : CVE-2025-27062
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Memory corruption while handling client exceptions, allowing unauthorized channel access.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27065 - Cisco Security Appliance Denial of Service

CVE ID : CVE-2025-27065
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Transient DOS while processing a frame with malformed shared-key descriptor.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21452 - Nokia LTE Network Transient Denial of Service

CVE ID : CVE-2025-21452
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21455 - Apache HTTP Server Kernel Memory Corruption Vulnerability

CVE ID : CVE-2025-21455
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption while submitting blob data to kernel space though IOCTL.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21456 - Microsoft Windows Kernel IOCTL Buffer Overflow

CVE ID : CVE-2025-21456
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21457 - Apache Fasta RPC Information Disclosure Vulnerability

CVE ID : CVE-2025-21457
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Information disclosure while opening a fastrpc session when domain is not sanitized.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21458 - Apache Cassandra Use-After-Free Buffer Overflow

CVE ID : CVE-2025-21458
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21461 - Qualcomm Snapdragon CDM Register Programming Memory Corruption Vulnerability

CVE ID : CVE-2025-21461
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption when programming registers through virtual CDM.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21464 - Apache ImageMagick Out-of-Bounds Read Information Disclosure

CVE ID : CVE-2025-21464
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Information disclosure while reading data from an image using specified offset and size parameters.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-20990 - Western Digital External Hard Drive Device Node Access Control Vulnerability

CVE ID : CVE-2025-20990
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21010 - SamsungAccount Privilege Escalation Vulnerability

CVE ID : CVE-2025-21010
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21011 - Samsung Galaxy Watch Unauthenticated Sensor Data Exposure

CVE ID : CVE-2025-21011
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21012 - Samsung Galaxy Watch Fall Detection Access Control Vulnerability

CVE ID : CVE-2025-21012
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21013 - Samsung Galaxy Watch SemSensorManager Access Control Bypass

CVE ID : CVE-2025-21013
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21014 - Android Emergency SoS Component Export Vulnerability

CVE ID : CVE-2025-21014
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21015 - "Acme Document Scanner Path Traversal Vulnerability (Local File Deletion)"

CVE ID : CVE-2025-21015
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21016 - PkgPredictorService Android Improper Access Control Vulnerability

CVE ID : CVE-2025-21016
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21017 - Blockchain Keystore Out-of-bounds Write Vulnerability

CVE ID : CVE-2025-21017
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21018 - Blockchain Keystore OOB Read Vulnerability

CVE ID : CVE-2025-21018
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21019 - Samsung Health Authorization Bypass Vulnerability

CVE ID : CVE-2025-21019
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21020 - Blockchain Keystore OOB Write Vulnerability

CVE ID : CVE-2025-21020
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21021 - Blockchain Keystore Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-21021
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21022 - Galaxy Wearable Information Disclosure Vulnerability

CVE ID : CVE-2025-21022
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21023 - Samsung Galaxy Watch Local File Access Vulnerability

CVE ID : CVE-2025-21023
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21024 - Android Smart View Implicit Intent Information Disclosure Vulnerability

CVE ID : CVE-2025-21024
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-55023 - Fortinet SSL/TLS Weakness

CVE ID : CVE-2025-55023
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55024 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-55024
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55025 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-55025
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55026 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-55026
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55027 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-55027
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-6994 - Smartdatasoft WordPress Reveal Listing Plugin Privilege Escalation

CVE ID : CVE-2025-6994
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-7399 - "Elementor Stored Cross-Site Scripting in Betheme Theme for WordPress"

CVE ID : CVE-2025-7399
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-7498 - Elementor Exclusive Addons Stored Cross-Site Scripting

CVE ID : CVE-2025-7498
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-8100 - Elementor Addons and Templates Stored Cross-Site Scripting

CVE ID : CVE-2025-8100
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54640 - Apache Flink Deserialization ParcelMismatch Vulnerability

CVE ID : CVE-2025-54640
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54641 - Apache Kernel Buffer Overflow Vulnerability

CVE ID : CVE-2025-54641
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54642 - Qualcomm Snapdragon kernel gyroscope buffer overflow vulnerability

CVE ID : CVE-2025-54642
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54643 - Apache Ambient Light Module Array Out-of-Bounds Information Disclosure

CVE ID : CVE-2025-54643
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54644 - Apache Ambient Light Kernel Memory Corruption

CVE ID : CVE-2025-54644
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54645 - Apache Location Service Array Index Out-of-Bounds Vulnerability

CVE ID : CVE-2025-54645
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54646 - Qualcomm BLE Packet Length Overflow Vulnerability

CVE ID : CVE-2025-54646
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54647 - NearLink SSAP Out-of-bounds Read Vulnerability

CVE ID : CVE-2025-54647
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54648 - NearLink SSAP Out-of-bounds Read Vulnerability

CVE ID : CVE-2025-54648
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54649 - Google Location Service Type Confusion Vulnerability

CVE ID : CVE-2025-54649
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Vulnerability of using incompatible types to access resources in the location service. Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54650 - Cisco Audio Codec Array Index Vulnerability

CVE ID : CVE-2025-54650
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54651 - HuFS Kernel Race Condition Confidentiality Vulnerability

CVE ID : CVE-2025-54651
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55019 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-55019
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55020 - Apache Struts Deserialization Vulnerability

CVE ID : CVE-2025-55020
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55021 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-55021
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55022 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-55022
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-8632 - Kenwood DMX958XR Command Injection Root RCE

CVE ID : CVE-2025-8632
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26255.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8633 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8633
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26256.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8634 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8634
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26257.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8635 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8635
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26258.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8636 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8636
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26259.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8637 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8637
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26260.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8638 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8638
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26261.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8639 - Kenwood DMX958XR Root Command Injection Vulnerability

CVE ID : CVE-2025-8639
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26262.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8640 - Kenwood DMX958XR Root Command Injection Vulnerability

CVE ID : CVE-2025-8640
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26263.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8641 - Kenwood DMX958XR Firmware Update Root Command Injection Vulnerability

CVE ID : CVE-2025-8641
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26264.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8642 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8642
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26265.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8643 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8643
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26266.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8644 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8644
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26267.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8645 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8645
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26268.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8646 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8646
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26269.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8647 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8647
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26270.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8648 - Kenwood DMX958XR Root Command Injection Vulnerability

CVE ID : CVE-2025-8648
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26271.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8649 - Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8649
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26305.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8650 - Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8650
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26306.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8651 - Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8651
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26307.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8652 - Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8652
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26311.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8653 - Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8653
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26312.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8654 - Kenwood DMX958XR Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8654
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26313.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8655 - Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution

CVE ID : CVE-2025-8655
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26314.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8656 - Kenwood DMX958XR Software Downgrade Vulnerability

CVE ID : CVE-2025-8656
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26355.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-32430 - XWiki Platform Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-32430
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute malicious JavaScript code in the context of the victim's session by getting the victim to visit an attacker-controlled URL. This permits the attacker to perform arbitrary actions using the permissions of the victim. This issue is fixed in versions 16.4.8, 16.10.6 and 17.3.0-rc-1. To workaround the issue, manually patch the WAR with the same changes as the original patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54124 - XWiki Platform Password Hash Disclosure Vulnerability

CVE ID : CVE-2025-54124
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can create an XClass with a database list property that references a password property. When adding an object of that XClass, the content of that password property is displayed. In practice, with a standard rights setup, this means that any user with an account on the wiki can access password hashes of all users, and possibly other password properties (with hashed or plain storage) that are on pages that the user can view. This issue is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54125 - XWiki Platform XML Export Information Disclosure Vulnerability

CVE ID : CVE-2025-54125
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1. To work around this issue, the file templates/xml.vm in the deployed WAR can be deleted if the XML isn't needed. There isn't any feature in XWiki itself that depends on the XML export.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54571 - ModSecurity HTTP Response Content-Type Header Hijacking Vulnerability

CVE ID : CVE-2025-54571
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54594 - React Native Bottom Tabs GitHub Actions Code Execution

CVE ID : CVE-2025-54594
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to be executed in a privileged context. An attacker could create a pull request containing a malicious preinstall script in the package.json file and then trigger the vulnerable workflow by posting a specific comment (!canary). This allowed for arbitrary code execution, leading to the exfiltration of sensitive secrets such as GITHUB_TOKEN and NPM_TOKEN, and could have allowed an attacker to push malicious code to the repository or publish compromised packages to the NPM registry. There is a remediation commit which removes github/workflows/release-canary.yml, but a version with this fix has yet to be released.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54801 - Fiber Ctx.BodyParser Slice Index Overflow/Exhaustion Vulnerability

CVE ID : CVE-2025-54801
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. If the idx is excessively large, this leads to an integer overflow or memory exhaustion, causing a panic or crash. This is fixed in version 2.52.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54869 - FPDI PDF DoS Vulnerability

CVE ID : CVE-2025-54869
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54872 - "Onion-Site-Template Tor Image Exposure Vulnerability"

CVE ID : CVE-2025-54872
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing onion domain. A website could be compromised if a user shared the baked-in image, or if someone were able to acquire access to the user's device outside of a containerized environment. This is fixed by commit bc9ba0fd.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54873 - RISC Zero RISC-V Arithmetic Overflow/Underflow

CVE ID : CVE-2025-54873
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54876 - Janssen Project PlainText Password Storage Vulnerability

CVE ID : CVE-2025-54876
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54879 - Mastodon LDAP Rate Limiting Email Confirmation Path Bypass Vulnerability

CVE ID : CVE-2025-54879
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the email-based throttle for confirmation emails incorrectly checks the password reset path instead of the confirmation path, effectively disabling per-email limits for confirmation requests. This allows attackers to bypass rate limits by rotating IP addresses and send unlimited confirmation emails to any email address, as only a weak IP-based throttle (25 requests per 5 minutes) remains active. The vulnerability enables denial-of-service attacks that can overwhelm mail queues and facilitate user harassment through confirmation email spam. This is fixed in versions 4.2.24, 4.3.11 and 4.4.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54883 - Vision UI Security Kit Cryptographic Weakness

CVE ID : CVE-2025-54883
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical cryptographic weakness. Due to a silent 32-bit integer overflow in its internal masking logic, the function fails to produce a uniform distribution of random numbers when the requested range between min and max is larger than 2³². The root cause is the use of a 32-bit bitwise left-shift operation (<<) to generate a bitmask for the rejection sampling algorithm. This causes the mask to be incorrect for any range requiring 32 or more bits of entropy. This issue is fixed in version 1.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54884 - Vision UI Denial of Service Vulnerability

CVE ID : CVE-2025-54884
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision UI 1.4.0 and below) are vulnerable to Denial of Service (DoS) attacks. The generateSecureId(length) function directly used the length parameter to size a Uint8Array buffer, allowing attackers to exhaust server memory through repeated requests for large IDs since the previous 1024 limit was insufficient. The getSecureRandomInt(min, max) function calculated buffer size based on the range between min and max, where large ranges caused excessive memory allocation and CPU-intensive rejection-sampling loops that could hang the thread. This issue is fixed in version 1.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

Fuite de données chez Bouygues Telecom

coordonnées, données contractuelles, état civil, IBAN

Wed Aug 06 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

Fuite de données chez Air France

nom, prénom, information de contact, n° et status flying blue, objet des demandes formulées

Wed Aug 06 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-8571 - Concrete CMS Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-8571
Published : Aug. 5, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/  for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 23:15:00 GMT

read more

CVE-2025-8573 - Concrete CMS Stored XSS on Members Dashboard

CVE ID : CVE-2025-8573
Published : Aug. 5, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev for reporting via HackerOne.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 23:15:00 GMT

read more

CVE-2025-52237 - SSCMS Directory Traversal Vulnerability

CVE ID : CVE-2025-52237
Published : Aug. 5, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 21:15:00 GMT

read more

CVE-2025-53534 - RatPanel Remote Code Execution and Unauthorized Access Vulnerability

CVE ID : CVE-2025-53534
Published : Aug. 5, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 21:15:00 GMT

read more

CVE-2013-10067 - Glossword Remote Code Execution (RCE) Vulnerability

CVE ID : CVE-2013-10067
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10068 - Foxit Reader Plugin Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2013-10068
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10069 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10069
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10070 - Apache PHP-Charts PHP Code Execution Vulnerability

CVE ID : CVE-2013-10070
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2014-125113 - Dell KACE K1000 System Management Appliance Unrestricted File Upload Vulnerability

CVE ID : CVE-2014-125113
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-50592 - Seacms Cross Site Scripting Vulnerability

CVE ID : CVE-2025-50592
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-51541 - Shopware Stored XSS Vulnerability

CVE ID : CVE-2025-51541
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious JavaScript. This vulnerability can be exploited via a Cross-Site Request Forgery (CSRF) attack due to the absence of CSRF protections on the POST request. An unauthenticated remote attacker can craft a malicious web page that, when visited by a victim, stores the payload persistently in the installation configuration. As a result, the payload executes whenever any user subsequently accesses the vulnerable installation page, leading to persistent client-side code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-52078 - Writebot AI Content Generator SaaS File Upload Privilege Escalation Vulnerability

CVE ID : CVE-2025-52078
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10024 - XBMC HTTP Server Path Traversal Vulnerability

CVE ID : CVE-2012-10024
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10025 - "WordPress Advanced Custom Fields RFI Remote Code Execution"

CVE ID : CVE-2012-10025
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10026 - "WordPress Asset-Manager Unauthenticated Remote Code Execution Vulnerability"

CVE ID : CVE-2012-10026
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10027 - WordPress WP-Property Unauthenticated Remote File Upload Vulnerability

CVE ID : CVE-2012-10027
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10028 - Netwin SurgeFTP Command Injection

CVE ID : CVE-2012-10028
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10029 - Nagios XI Command Injection Vulnerability

CVE ID : CVE-2012-10029
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10030 - FreeFloat FTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2012-10030
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10031 - BlazeVideo HDTV Player Pro Stack-Based Buffer Overflow

CVE ID : CVE-2012-10031
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10032 - Maxthon Cross Context Scripting Vulnerability

CVE ID : CVE-2012-10032
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user interaction, typically by visiting a malicious webpage that triggers the injection.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10033 - Narcissus PHP Remote Code Execution Vulnerability

CVE ID : CVE-2012-10033
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10034 - "ClanSphere File Inclusion Vulnerability"

CVE ID : CVE-2012-10034
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10035 - Turbo FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2012-10035
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10064 - ActFax Server Buffer Overflow Vulnerability

CVE ID : CVE-2013-10064
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10065 - Sysax Multi-Server SSH Denial-of-Service Vulnerability

CVE ID : CVE-2013-10065
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10066 - Kordil EDMS File Upload Remote Code Execution

CVE ID : CVE-2013-10066
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10023 - FreeFloat FTP Server Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2012-10023
Published : Aug. 5, 2025, 8:15 p.m. | 34 minutes ago
Description : A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-45512 - DENX Software Engineering Das U-Boot Bootloader Firmware Signature Verification Bypass

CVE ID : CVE-2025-45512
Published : Aug. 5, 2025, 7:15 p.m. | 1 hour, 34 minutes ago
Description : A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 19:15:00 GMT

read more

CVE-2025-50454 - Blue Access Cobalt X1 Authentication Bypass Vulnerability

CVE ID : CVE-2025-50454
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-50688 - Apache TwistedWeb Command Injection Vulnerability

CVE ID : CVE-2025-50688
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file (e.g., a reverse shell script). Once uploaded, the attacker can trigger the execution of arbitrary commands on the target system, allowing for remote code execution. This could lead to escalation of privileges depending on the privileges of the web server process. The attack does not require physical access and can be conducted remotely, posing a significant risk to the confidentiality and integrity of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51060 - CPUID cpuz.sys MSR LSTAR Hijacking Vulnerability

CVE ID : CVE-2025-51060
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. Through this process, the attacker can modify MSR_LSTAR and hook KiSystemCall64. Afterward, using Return-Oriented Programming (ROP), the attacker can manipulate the stack with pre-prepared gadgets, disable the SMAP flag in the CR4 register, and execute a user-mode syscall handler in the kernel context. It has not been confirmed whether this works on 32-bit Windows, but it functions on 64-bit Windows if the core isolation feature is either absent or disabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51627 - Agenzia Impresa Eccobook CaricaVerbale Privilege Escalation Vulnerability

CVE ID : CVE-2025-51627
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51628 - Eccobook PdfHandler IDOR Vulnerability

CVE ID : CVE-2025-51628
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51857 - Halo XSS Vulnerability in AttachmentReconciler Class

CVE ID : CVE-2025-51857
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-8586 - "Libav MPEG File Parser Null Pointer Dereference Vulnerability"

CVE ID : CVE-2025-8586
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-43978 - Jointelli 5G CPE OS Command Injection Vulnerability

CVE ID : CVE-2025-43978
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 10 minutes ago
Description : Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-43980 - FIRSTNUM JC21A-04 Default SSH Credentials Vulnerability

CVE ID : CVE-2025-43980
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 10 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-54253 - Adobe Experience Manager Code Execution Vulnerability

CVE ID : CVE-2025-54253
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-54254 - Adobe Experience Manager XXE File System Read Vulnerability

CVE ID : CVE-2025-54254
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-7674 - Roche Diagnostics navify Monitoring Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-7674
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact on data confidentiality or integrity. This issue affects navify Monitoring before 1.08.00.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-8584 - Libav AVI File Parser Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-8584
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-8585 - Libav DSS File Demuxer Double Free Vulnerability

CVE ID : CVE-2025-8585
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-43979 - FIRSTNUM JC21A-04 Command Injection Vulnerability

CVE ID : CVE-2025-43979
Published : Aug. 5, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 16:15:00 GMT

read more

CVE-2025-46658 - "4C Strategies Exonaut ExonautWeb Information Disclosure"

CVE ID : CVE-2025-46658
Published : Aug. 5, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 16:15:00 GMT

read more

CVE-2025-27931 - PDF-XChange Editor Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-27931
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-29745 - Emsisoft Anti-Malware Net-NTLMv2 Hash Information Disclosure

CVE ID : CVE-2025-29745
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-2611 - ICTBroadcast Unauthenticated Remote Code Execution

CVE ID : CVE-2025-2611
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-44964 - BlueStacks SSL Certificate Validation Weakness - Man-in-the-Middle

CVE ID : CVE-2025-44964
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-46958 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-46958
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-47152 - PDF-XChange Editor Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-47152
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-50706 - Apache ThinkPHP Remote Code Execution Vulnerability

CVE ID : CVE-2025-50706
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-50707 - ThinkPHP3 Remote Code Execution Vulnerability

CVE ID : CVE-2025-50707
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-54874 - OpenJPEG Out-of-Bounds Heap Memory Write

CVE ID : CVE-2025-54874
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2024-52890 - IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-52890
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-7025 - Rockwell Automation Arena Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2025-7025
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-7032 - Rockwell Automation Arena Memory Corruption Vulnerability

CVE ID : CVE-2025-7032
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-7033 - Rockwell Automation Arena Memory Corruption Vulnerability

CVE ID : CVE-2025-7033
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-54948 - Trend Micro Apex One Remote Code Execution

CVE ID : CVE-2025-54948
Published : Aug. 5, 2025, 1:15 p.m. | 4 hours, 4 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 13:15:00 GMT

read more

CVE-2025-54987 - Trend Micro Apex One Remote Code Execution Vulnerability

CVE ID : CVE-2025-54987
Published : Aug. 5, 2025, 1:15 p.m. | 4 hours, 4 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 13:15:00 GMT

read more

CVE-2025-8555 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8555
Published : Aug. 5, 2025, 10:15 a.m. | 7 hours, 3 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 10:15:00 GMT

read more

CVE-2025-8553 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8553
Published : Aug. 5, 2025, 9:15 a.m. | 8 hours, 3 minutes ago
Description : A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 09:15:00 GMT

read more

CVE-2025-8554 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8554
Published : Aug. 5, 2025, 9:15 a.m. | 8 hours, 3 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 09:15:00 GMT

read more

CVE-2025-6207 - WordPress Import Export Lite Plugin File Upload Vulnerability

CVE ID : CVE-2025-6207
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8294 - WordPress Download Counter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8294
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8295 - WordPress Employee Directory Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8295
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8551 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8551
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8552 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8552
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-2810 - Apache Key Exposure

CVE ID : CVE-2025-2810
Published : Aug. 5, 2025, 8:15 a.m. | 7 hours, 1 minute ago
Description : A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-41698 - Apache HTTP Server Command Injection Vulnerability

CVE ID : CVE-2025-41698
Published : Aug. 5, 2025, 8:15 a.m. | 7 hours ago
Description : A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-5061 - WordPress Import Export Lite Plugin Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-5061
Published : Aug. 5, 2025, 8:15 a.m. | 7 hours ago
Description : The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 3.9.29.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-7050 - Google Drive plugin for WordPress Stored Cross-Site Scripting

CVE ID : CVE-2025-7050
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability can be exploited by the lowest authentication level permitted to upload files, including unauthenticated users, once a file upload shortcode is published on a publicly accessible post.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8313 - WordPress Campus Directory Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8313
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8315 - "WordPress WP Easy Contact Stored Cross-Site Scripting"

CVE ID : CVE-2025-8315
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8548 - "Atjiu Pybbs Registered Email Handler Information Exposure Vulnerability"

CVE ID : CVE-2025-8548
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8549 - "Atjiu Pybbs Password Weakness"

CVE ID : CVE-2025-8549
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8550 - "atjiu pybbs Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-8550
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-54982 - Zscaler SAML Authentication Signature Forgery

CVE ID : CVE-2025-54982
Published : Aug. 5, 2025, 6:15 a.m. | 9 hours ago
Description : An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 06:15:00 GMT

read more

CVE-2025-8547 - Atjiu Pybbs Email Verification Handler Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8547
Published : Aug. 5, 2025, 6:15 a.m. | 9 hours ago
Description : A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 06:15:00 GMT

read more

CVE-2025-54868 - LibreChat Meilisearch Engine Information Disclosure

CVE ID : CVE-2025-54868
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8544 - Portabilis i-Educar Cross Site Scripting Vulnerability

CVE ID : CVE-2025-8544
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8545 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8545
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8546 - Atjiu Pybbs Captcha Guessing Vulnerability (Remote)

CVE ID : CVE-2025-8546
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8542 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8542
Published : Aug. 5, 2025, 4:16 a.m. | 8 hours, 51 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-8543 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8543
Published : Aug. 5, 2025, 4:16 a.m. | 8 hours, 51 minutes ago
Description : A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54980 - Adobe Flash Player Arbitrary Command Execution

CVE ID : CVE-2025-54980
Published : Aug. 5, 2025, 4:16 a.m. | 5 hours, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54978 - Apache HTTP Server HTTP Header Injection

CVE ID : CVE-2025-54978
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 51 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54979 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-54979
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 51 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54974 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-54974
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54975 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54975
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution

CVE ID : CVE-2025-54976
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54977 - Microsoft Azure Storage Rejected Reason

CVE ID : CVE-2025-54977
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-53417 - DIAView Directory Traversal Information Disclosure Vulnerability

CVE ID : CVE-2025-53417
Published : Aug. 5, 2025, 3:15 a.m. | 5 hours, 10 minutes ago
Description : DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 03:15:00 GMT

read more

CVE-2025-8540 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8540
Published : Aug. 5, 2025, 3:15 a.m. | 5 hours, 10 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 03:15:00 GMT

read more

CVE-2025-8541 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8541
Published : Aug. 5, 2025, 3:15 a.m. | 5 hours, 10 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 03:15:00 GMT

read more

CVE-2025-8539 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8539
Published : Aug. 5, 2025, 2:15 a.m. | 6 hours, 10 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 02:15:00 GMT

read more

CVE-2025-54865 - Tilesheets MediaWiki SQL Injection Vulnerability

CVE ID : CVE-2025-54865
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54870 - VTun-ng Blowfish-256 Plaintext Reversion Vulnerability

CVE ID : CVE-2025-54870
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54871 - Electron TCC Bypass

CVE ID : CVE-2025-54871
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-8535 - "Cronoh NanoVault XSS Vulnerability"

CVE ID : CVE-2025-8535
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-8537 - Axiomatic Bento4 AP4_DataBuffer Buffer Overflow

CVE ID : CVE-2025-8537
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-8538 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8538
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54803 - js-toml Prototype Pollution Vulnerability

CVE ID : CVE-2025-54803
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours, 20 minutes ago
Description : js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed in version 1.0.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54804 - Russh SSH Integer Overflow Vulnerability

CVE ID : CVE-2025-54804
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours, 20 minutes ago
Description : Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54780 - GLPI Screenshot Plugin File Disclosure and PHP Wrapper Abuse

CVE ID : CVE-2025-54780
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54794 - "Claude Code Directory Traversal Vulnerability"

CVE ID : CVE-2025-54794
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54795 - Claude Code Command Injection Vulnerability

CVE ID : CVE-2025-54795
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54802 - "pyLoad Path Traversal RCE"

CVE ID : CVE-2025-54802
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-52892 - EspoCRM Double Slash URL Vulnerability (Cache Corruption)

CVE ID : CVE-2025-52892
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes (e.g https://domain//#Admin) and the webserver does not strip the double slash, it can cause a corrupted Slim router's cache. This will make the instance unusable until there is a completed rebuild. This is fixed in version 9.1.7.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-53544 - Trilium Notes Unauthenticated Brute-Force Protection Bypass Vulnerability

CVE ID : CVE-2025-53544
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. Trilium is a single-user app without a username requirement, and brute-force protection bypass makes exploitation much more feasible. Multiple features provided by Trilium (e.g. MFA, share notes, custom request handler) indicate that Trilium can be exposed to the internet. This is fixed in version 0.97.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54119 - ADOdb SQLite3 SQL Injection Vulnerability

CVE ID : CVE-2025-54119
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54130 - "Cursor Dotfile File Write RCE Vulnerability"

CVE ID : CVE-2025-54130
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the .vscode/settings.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54135 - Cursor Unapproved File Writing and RCE Vulnerability

CVE ID : CVE-2025-54135
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54387 - IPX Path Prefix Bypass Vulnerability

CVE ID : CVE-2025-54387
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54797 - Apache Struts Remote Code Execution

CVE ID : CVE-2025-54797
Published : Aug. 5, 2025, 12:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: This CVE is a duplicate of CVE-2025-52464.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 00:15:00 GMT

read more

CVE-2025-8534 - Libtiff tiff2ps PS_Lvl2page Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-8534
Published : Aug. 5, 2025, 12:15 a.m. | 3 hours, 20 minutes ago
Description : A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 00:15:00 GMT

read more

Fuite de données chez Pandora

nom, adresse email

Tue Aug 05 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-8530 - Elunez Eladmin Druid Default Credentials Vulnerability

CVE ID : CVE-2025-8530
Published : Aug. 4, 2025, 11:15 p.m. | 4 hours, 20 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-46093 - LiquidFiles FTP SETUID Setgid Remote Command Execution

CVE ID : CVE-2025-46093
Published : Aug. 4, 2025, 11:15 p.m. | 3 hours, 19 minutes ago
Description : LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-46094 - LiquidFiles Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-46094
Published : Aug. 4, 2025, 11:15 p.m. | 3 hours, 19 minutes ago
Description : LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-8529 - CloudFavorites Favorites-Web SSRF Vulnerability

CVE ID : CVE-2025-8529
Published : Aug. 4, 2025, 11:15 p.m. | 3 hours, 19 minutes ago
Description : A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-27211 - EdgeMAX EdgeSwitch Command Injection Vulnerability

CVE ID : CVE-2025-27211
Published : Aug. 4, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-27212 - Ubiquiti UniFi Access Command Injection Vulnerability

CVE ID : CVE-2025-27212
Published : Aug. 4, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-4599 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

CVE ID : CVE-2025-4599
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 57 minutes ago
Description : The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-4604 - Liferay Portal/Captcha Bypass Remote Code Execution

CVE ID : CVE-2025-4604
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-54554 - Tera Insights tiCrypt Information Disclosure

CVE ID : CVE-2025-54554
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-7844 - TPM 2.0 Stack Buffer Overflow

CVE ID : CVE-2025-7844
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or importing an RSA private or public key larger than 2048 bits and your application calls `wolfTPM2_RsaKey_TpmToWolf` on that key, then a stack buffer could be overrun. If the `MAX_RSA_KEY_BITS` build-time macro is set correctly (RSA bits match what TPM hardware is capable of) for the hardware target, then a stack overrun is not possible.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-8527 - Exrick xboot Swagger Server-Side Request Forgery (SSRF) Vulnerability

CVE ID : CVE-2025-8527
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-8528 - Exrick xboot Exposed Sensitive Information Cookie Storage

CVE ID : CVE-2025-8528
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-50341 - Axelor SQL Injection Vulnerability

CVE ID : CVE-2025-50341
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-50754 - Unisite CMS Stored XSS

CVE ID : CVE-2025-50754
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-51387 - GitKraken Desktop Node.js Code Injection Vulnerability

CVE ID : CVE-2025-51387
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-51726 - CyberGhost VPN Weak SHA-1 Signing and Predictable ASLR Vulnerability

CVE ID : CVE-2025-51726
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification mechanisms, particularly on systems without strict SmartScreen or trust policy enforcement. Additionally, the installer lacks High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and repeated WinDbg analysis. The binary consistently loads into predictable memory ranges, increasing the success rate of memory corruption exploits. These two misconfigurations, when combined, significantly lower the bar for successful supply-chain style attacks or privilege escalation through fake installers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-8525 - Exrick xboot Information Disclosure Vulnerability

CVE ID : CVE-2025-8525
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-8526 - Exrick xBoot Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-8526
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-50340 - SOGo Webmail IDOR Email Spoofing

CVE ID : CVE-2025-50340
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-55014 - Youdao StarDict X11 Selection Information Disclosure

CVE ID : CVE-2025-55014
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-8523 - RiderLike Fruit Crush-Brain App Android Component Export Vulnerability

CVE ID : CVE-2025-8523
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-8524 - "Boquan DotWallet Android AndroidManifest.xml Component Export Vulnerability"

CVE ID : CVE-2025-8524
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-8522 - Givanz Vvvebjs Node.js File Path Traversal Vulnerability

CVE ID : CVE-2025-8522
Published : Aug. 4, 2025, 7:15 p.m. | 5 hours, 56 minutes ago
Description : A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-21120 - Dell Avamar HTTP Permission Methods Vulnerability

CVE ID : CVE-2025-21120
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-26476 - Dell ECS Hard-coded Cryptographic Key Unauthorized Access Vulnerability

CVE ID : CVE-2025-26476
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-38741 - "Dell Enterprise SONiC OS SSH Cryptographic Key Exposure Vulnerability"

CVE ID : CVE-2025-38741
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-52239 - ZKEACMS File Upload Code Execution Vulnerability

CVE ID : CVE-2025-52239
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-53394 - Macrium Reflect Remote Code Execution Vulnerability

CVE ID : CVE-2025-53394
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and proceeds to mount it, Reflect launches the renamed executable (e.g., explorer.exe), which is under attacker control. This occurs because of insufficient validation of companion files referenced during backup mounting.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-53395 - Macrium Reflect DLL Loading Vulnerability (Local Privilege Escalation)

CVE ID : CVE-2025-53395
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx file, Reflect loads the attacker's VSSSvr.dll after the mount completes. This occurs because of untrusted DLL search path behavior in ReflectMonitor.exe.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-8521 - Givanz Vvveb Add Type Handler Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8521
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named b53c7161da606f512b7efcb392d6ffc708688d49/605a70f8729e4d44ebe272671cb1e43e3d6ae014. It is recommended to upgrade the affected component.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-8520 - Givanz Vvveb SSRF Vulnerability

CVE ID : CVE-2025-8520
Published : Aug. 4, 2025, 6:15 p.m. | 4 hours, 51 minutes ago
Description : A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is identified as f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2013-10052 - ZPanel Sudo Privilege Escalation Vulnerability

CVE ID : CVE-2013-10052
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2013-10054 - LibrettoCMS Unauthenticated Remote Code Execution File Upload Vulnerability

CVE ID : CVE-2013-10054
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2024-45183 - Samsung Exynos JPEG Length Check Vulnerability (Buffer Overflow)

CVE ID : CVE-2024-45183
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-34147 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection Vulnerability

CVE ID : CVE-2025-34147
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-46206 - Artifex mupdf Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-46206
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-51390 - TOTOLINK N600R Command Injection Vulnerability

CVE ID : CVE-2025-51390
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-8519 - Givanz Vvveb Drag-and-Drop Editor Information Disclosure Vulnerability

CVE ID : CVE-2025-8519
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-50420 - Poppler PDF Denial of Service

CVE ID : CVE-2025-50420
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-50422 - Poppler PDF Memory Leak Information Disclosure

CVE ID : CVE-2025-50422
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-51534 - Austrian Archaeological Institute (AI) OpenAtlas Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51534
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-51535 - Austrian Archaeological Institute OpenAtlas SQL Injection Vulnerability

CVE ID : CVE-2025-51535
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-8518 - Givanz Vvveb Code Editor Remote Code Injection Vulnerability

CVE ID : CVE-2025-8518
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44954 - RUCKUS SmartZone SSH Private Key Hardcoded Vulnerability

CVE ID : CVE-2025-44954
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44957 - Ruckus SmartZone Authentication Bypass Vulnerability

CVE ID : CVE-2025-44957
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44958 - RUCKUS Network Director Unencrypted Password Storage Vulnerability

CVE ID : CVE-2025-44958
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44960 - RUCKUS SmartZone OS Command Injection Vulnerability

CVE ID : CVE-2025-44960
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44961 - RUCKUS SmartZone OS Command Injection

CVE ID : CVE-2025-44961
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44962 - RUCKUS SmartZone Directory Traversal Vulnerability

CVE ID : CVE-2025-44962
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44963 - RUCKUS Network Director JWT Spoofing Vulnerability

CVE ID : CVE-2025-44963
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-38739 - Dell Digital Delivery Insufficiently Protected Credentials Information Disclosure

CVE ID : CVE-2025-38739
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-44955 - RUCKUS Network Director (RND) Hardcoded Password Root Access

CVE ID : CVE-2025-44955
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-5988 - Ansible aap-gateway CSRF Vulnerability

CVE ID : CVE-2025-5988
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-8516 - Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp Remote Path Traversal Vulnerability

CVE ID : CVE-2025-8516
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!\kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor recommends as a short-term measure to "[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control." The long-term remediation will be: "Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function."
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-8517 - Givanz Vvveb Session Fixation Vulnerability

CVE ID : CVE-2025-8517
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.7 is able to address this issue. The patch is named d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. It is recommended to upgrade the affected component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-26065 - Intelbras RX1500 RX3000 XSS

CVE ID : CVE-2025-26065
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30096 - Dell PowerProtect Data Domain DD OS OS Command Injection

CVE ID : CVE-2025-30096
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30097 - Dell PowerProtect Data Domain OS Command Injection

CVE ID : CVE-2025-30097
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30098 - Dell PowerProtect Data Domain DD OS OS Command Injection

CVE ID : CVE-2025-30098
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30099 - Dell PowerProtect Data Domain OS Command Injection

CVE ID : CVE-2025-30099
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-36594 - Dell PowerProtect Data Domain DD OS Authentication Bypass by Spoofing Vulnerability

CVE ID : CVE-2025-36594
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-44643 - Draytek AP Series Insecure Permissions Weak Password Vulnerability

CVE ID : CVE-2025-44643
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-51536 - AI OpenAtlas Hardcoded Administrator Password Vulnerability

CVE ID : CVE-2025-51536
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-36604 - Dell Unity OS Command Injection

CVE ID : CVE-2025-36604
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-36605 - Dell Unity Cross-site Scripting Vulnerability

CVE ID : CVE-2025-36605
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-36606 - Dell Unity OS Command Injection Vulnerability

CVE ID : CVE-2025-36606
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-36607 - Dell Unity OS Command Injection Vulnerability

CVE ID : CVE-2025-36607
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-8109 - NVIDIA GPU Origin Read-Only Memory Write Vulnerability

CVE ID : CVE-2025-8109
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-8515 - Intelbras InControl JSON Endpoint Information Disclosure

CVE ID : CVE-2025-8515
Published : Aug. 4, 2025, 11:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 11:15:00 GMT

read more

CVE-2025-0932 - Arm Ltd Bifrost GPU Userspace Driver/Arm Ltd Valhall GPU Userspace Driver/Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver: After Free Information Disclosure

CVE ID : CVE-2025-0932
Published : Aug. 4, 2025, 10:15 a.m. | 6 hours, 51 minutes ago
Description : Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 10:15:00 GMT

read more

CVE-2025-6204 - DELmia Apriso Code Injection Vulnerability

CVE ID : CVE-2025-6204
Published : Aug. 4, 2025, 10:15 a.m. | 6 hours, 51 minutes ago
Description : An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 10:15:00 GMT

read more

CVE-2025-6205 - "DELmia Apriso Authorization Bypass Vulnerability"

CVE ID : CVE-2025-6205
Published : Aug. 4, 2025, 10:15 a.m. | 6 hours, 51 minutes ago
Description : A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 10:15:00 GMT

read more

CVE-2025-8341 - Grafana Infinity Datasource URL Bypass Vulnerability

CVE ID : CVE-2025-8341
Published : Aug. 4, 2025, 9:15 a.m. | 7 hours, 51 minutes ago
Description : Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 09:15:00 GMT

read more

CVE-2025-41659 - CODESYS Control PKI Folder Remote Access Vulnerability

CVE ID : CVE-2025-41659
Published : Aug. 4, 2025, 8:15 a.m. | 8 hours, 51 minutes ago
Description : A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 08:15:00 GMT

read more

CVE-2025-41691 - Siemens CODESYS Control Remote NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-41691
Published : Aug. 4, 2025, 8:15 a.m. | 8 hours, 51 minutes ago
Description : An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 08:15:00 GMT

read more

CVE-2025-41658 - CODESYS Runtime Toolkit File Permission Vulnerability (Information Disclosure)

CVE ID : CVE-2025-41658
Published : Aug. 4, 2025, 8:15 a.m. | 8 hours, 3 minutes ago
Description : CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 08:15:00 GMT

read more

CVE-2025-20700 - Airoha Bluetooth Audio SDK Privilege Escalation Vulnerability

CVE ID : CVE-2025-20700
Published : Aug. 4, 2025, 7:15 a.m. | 9 hours, 4 minutes ago
Description : In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 07:15:00 GMT

read more

CVE-2025-20701 - Airoha Bluetooth Audio SDK Remote Privilege Escalation Vulnerability

CVE ID : CVE-2025-20701
Published : Aug. 4, 2025, 7:15 a.m. | 9 hours, 4 minutes ago
Description : In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 07:15:00 GMT

read more

CVE-2025-20702 - Airoha Bluetooth RACE Protocol Privilege Escalation Vulnerability

CVE ID : CVE-2025-20702
Published : Aug. 4, 2025, 7:15 a.m. | 9 hours, 4 minutes ago
Description : In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 07:15:00 GMT

read more

CVE-2025-48499 - Fujifilm Business Innovation MFP Denial-of-Service Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-48499
Published : Aug. 4, 2025, 6:15 a.m. | 10 hours, 4 minutes ago
Description : Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 06:15:00 GMT

read more

CVE-2025-20696 - Dell Authentication Agent Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20696
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-20697 - Qualcomm Power HAL Out-of-Bounds Write Privilege Escalation

CVE ID : CVE-2025-20697
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-20698 - Qualcomm Power HAL Out-of-Bounds Write Privilege Escalation

CVE ID : CVE-2025-20698
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-54962 - OpenPLC Runtime File Upload Vulnerability

CVE ID : CVE-2025-54962
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-54956 - Gh R Unauthorized Information Disclosure

CVE ID : CVE-2025-54956
Published : Aug. 3, 2025, 6:15 p.m. | 20 hours, 53 minutes ago
Description : The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 18:15:00 GMT

read more

CVE-2025-8513 - Caixin News App Android Android Application Component Export Vulnerability

CVE ID : CVE-2025-8513
Published : Aug. 3, 2025, 3:15 p.m. | 23 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 15:15:00 GMT

read more

CVE-2025-8511 - Portabilis i-Diario Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8511
Published : Aug. 3, 2025, 2:15 p.m. | 1 day ago
Description : A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 14:15:00 GMT

read more

CVE-2025-8512 - TVB Big Big Shop App Android Android Application Component Export Vulnerability

CVE ID : CVE-2025-8512
Published : Aug. 3, 2025, 2:15 p.m. | 1 day ago
Description : A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 14:15:00 GMT

read more

CVE-2025-8509 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8509
Published : Aug. 3, 2025, 1:15 p.m. | 23 hours, 51 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 13:15:00 GMT

read more

CVE-2025-8510 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8510
Published : Aug. 3, 2025, 1:15 p.m. | 23 hours, 51 minutes ago
Description : A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 13:15:00 GMT

read more

CVE-2024-51775 - Apache Zeppelin Origin Validation Bypass WebSockets Vulnerability

CVE ID : CVE-2024-51775
Published : Aug. 3, 2025, 11:15 a.m. | 1 day, 1 hour ago
Description : Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 11:15:00 GMT

read more

CVE-2025-8508 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8508
Published : Aug. 3, 2025, 11:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 11:15:00 GMT

read more

CVE-2025-8507 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8507
Published : Aug. 3, 2025, 10:15 a.m. | 1 day, 2 hours ago
Description : A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 10:15:00 GMT

read more

CVE-2024-52279 - Apache Zeppelin JDBC URL Validation Bypass

CVE ID : CVE-2024-52279
Published : Aug. 3, 2025, 10:15 a.m. | 1 day ago
Description : Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 10:15:00 GMT

read more

CVE-2024-41177 - Apache Zeppelin Cross-Site Scripting (CWE-80)

CVE ID : CVE-2024-41177
Published : Aug. 3, 2025, 10:15 a.m. | 23 hours, 24 minutes ago
Description : Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 10:15:00 GMT

read more

CVE-2025-8506 - wx-shop Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8506
Published : Aug. 3, 2025, 9:15 a.m. | 1 day ago
Description : A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 09:15:00 GMT

read more

CVE-2025-8505 - wx-shop Cross-Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-8505
Published : Aug. 3, 2025, 8:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 08:15:00 GMT

read more

CVE-2025-8504 - "Code-Projects Kitchen Treasure File Upload Vulnerability"

CVE ID : CVE-2025-8504
Published : Aug. 3, 2025, 8:15 a.m. | 1 day ago
Description : A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 08:15:00 GMT

read more

CVE-2025-8502 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8502
Published : Aug. 3, 2025, 7:15 a.m. | 23 hours, 47 minutes ago
Description : A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 07:15:00 GMT

read more

CVE-2025-8503 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8503
Published : Aug. 3, 2025, 7:15 a.m. | 23 hours, 47 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 07:15:00 GMT

read more

CVE-2025-8501 - Human Resource Integrated System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8501
Published : Aug. 3, 2025, 6:15 a.m. | 1 day ago
Description : A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 06:15:00 GMT

read more

CVE-2025-8499 - Code-Projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8499
Published : Aug. 3, 2025, 5:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cusfindambulence2.php. The manipulation of the argument Search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 05:15:00 GMT

read more

CVE-2025-8500 - Code-projects Human Resource Integrated System SQL Injection Vulnerability

CVE ID : CVE-2025-8500
Published : Aug. 3, 2025, 5:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 05:15:00 GMT

read more

CVE-2025-8498 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8498
Published : Aug. 3, 2025, 4:15 a.m. | 1 day, 2 hours ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been classified as critical. This affects an unknown part of the file /cart/index.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-8497 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8497
Published : Aug. 3, 2025, 4:15 a.m. | 1 day ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cusfindphar2.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-52131 - XWiki Mocca Calendar XSS

CVE ID : CVE-2025-52131
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-52132 - XWiki Mocca Calendar XSS Vulnerability

CVE ID : CVE-2025-52132
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-52133 - XWiki Mocca Calendar XSS

CVE ID : CVE-2025-52133
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-8496 - Projectworlds Online Admission System SQL Injection Vulnerability

CVE ID : CVE-2025-8496
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewform.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-8495 - Code-projects Intern Membership Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8495
Published : Aug. 3, 2025, 2:15 a.m. | 14 hours, 33 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54351 - Iperf Buffer Overflow

CVE ID : CVE-2025-54351
Published : Aug. 3, 2025, 2:15 a.m. | 12 hours, 51 minutes ago
Description : In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54349 - Iperf Heap-Based Buffer Overflow

CVE ID : CVE-2025-54349
Published : Aug. 3, 2025, 2:15 a.m. | 11 hours, 22 minutes ago
Description : In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54350 - Iperf Base64Decode Assertion Failure Vulnerability

CVE ID : CVE-2025-54350
Published : Aug. 3, 2025, 2:15 a.m. | 11 hours, 22 minutes ago
Description : In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54955 - OpenNebula FireEdge JWT Authentication Bypass

CVE ID : CVE-2025-54955
Published : Aug. 3, 2025, 12:15 a.m. | 12 hours, 27 minutes ago
Description : OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 00:15:00 GMT

read more

CVE-2025-8494 - Code-projects Intern Membership Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8494
Published : Aug. 3, 2025, 12:15 a.m. | 12 hours, 27 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 00:15:00 GMT

read more

CVE-2025-23290 - NVIDIA vGPU Information Disclosure Vulnerability

CVE ID : CVE-2025-23290
Published : Aug. 2, 2025, 11:15 p.m. | 11 hours, 26 minutes ago
Description : NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-8493 - Code-projects Intern Membership Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8493
Published : Aug. 2, 2025, 11:15 p.m. | 11 hours, 26 minutes ago
Description : A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2023-32253 - Linux Kernel ksmbd Deadlock Denial of Service Vulnerability

CVE ID : CVE-2023-32253
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2023-32255 - Linux Kernel ksmbd NTLMSSP Memory Leak

CVE ID : CVE-2023-32255
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-23284 - NVIDIA vGPU Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-23284
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-23285 - NVIDIA vGPU Denial of Service

CVE ID : CVE-2025-23285
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-23283 - NVIDIA vGPU Virtual GPU Manager Stack Buffer Overflow

CVE ID : CVE-2025-23283
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23286 - NVIDIA GPU Display Driver Memory Disclosure Vulnerability

CVE ID : CVE-2025-23286
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23287 - NVIDIA GPU Display Driver Windows Information Disclosure

CVE ID : CVE-2025-23287
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23288 - NVIDIA GPU Display Driver for Windows Information Disclosure

CVE ID : CVE-2025-23288
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows contains a vulnerability  where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23278 - NVIDIA Display Driver Index Validation Vulnerability

CVE ID : CVE-2025-23278
Published : Aug. 2, 2025, 10:15 p.m. | 6 hours, 50 minutes ago
Description : NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering  or denial of service.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23279 - NVIDIA run Installer Privilege Escalation Vulnerability

CVE ID : CVE-2025-23279
Published : Aug. 2, 2025, 10:15 p.m. | 6 hours, 50 minutes ago
Description : NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23281 - NVIDIA GPU Display Driver for Windows Use-After-Free Vulnerability

CVE ID : CVE-2025-23281
Published : Aug. 2, 2025, 10:15 p.m. | 6 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23276 - NVIDIA Installer for Windows Privilege Escalation Vulnerability

CVE ID : CVE-2025-23276
Published : Aug. 2, 2025, 10:15 p.m. | 4 hours, 50 minutes ago
Description : NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23277 - NVIDIA Display Driver Kernel Mode Driver Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2025-23277
Published : Aug. 2, 2025, 10:15 p.m. | 4 hours, 50 minutes ago
Description : NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-8471 - Projectworlds Online Admission System SQL Injection

CVE ID : CVE-2025-8471
Published : Aug. 2, 2025, 7:15 p.m. | 7 hours, 51 minutes ago
Description : A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 19:15:00 GMT

read more

CVE-2025-8470 - SourceCodester Online Hotel Reservation System SQL Injection Vulnerability

CVE ID : CVE-2025-8470
Published : Aug. 2, 2025, 6:15 p.m. | 8 hours, 50 minutes ago
Description : A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 18:15:00 GMT

read more

CVE-2025-8469 - SourceCodester Online Hotel Reservation System SQL Injection Vulnerability

CVE ID : CVE-2025-8469
Published : Aug. 2, 2025, 5:15 p.m. | 9 hours, 50 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 17:15:00 GMT

read more

CVE-2025-8468 - Code-projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8468
Published : Aug. 2, 2025, 3:15 p.m. | 11 hours, 50 minutes ago
Description : A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 15:15:00 GMT

read more

CVE-2025-7500 - WordPress Ocean Social Sharing Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7500
Published : Aug. 2, 2025, 12:15 p.m. | 13 hours, 21 minutes ago
Description : The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 12:15:00 GMT

read more

CVE-2025-7710 - "Brave Conversion Engine WordPress Facebook Authentication Bypass"

CVE ID : CVE-2025-7710
Published : Aug. 2, 2025, 12:15 p.m. | 13 hours, 21 minutes ago
Description : The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 12:15:00 GMT

read more

CVE-2025-8467 - Code-Projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8467
Published : Aug. 2, 2025, 11:15 a.m. | 14 hours, 21 minutes ago
Description : A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 11:15:00 GMT

read more

CVE-2025-8488 - Elementor Header Footer Builder Unauthorized Data Modification Vulnerability

CVE ID : CVE-2025-8488
Published : Aug. 2, 2025, 10:15 a.m. | 15 hours, 21 minutes ago
Description : The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_hfe_compatibility_option_callback ()function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the compatibility option setting.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 10:15:00 GMT

read more

CVE-2025-6722 - BitFire Security - WordPress Firewall, WAF, Bot/Spam Blocker, Login Security Sensitive Information Exposure

CVE ID : CVE-2025-6722
Published : Aug. 2, 2025, 10:15 a.m. | 12 hours, 30 minutes ago
Description : The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 10:15:00 GMT

read more

CVE-2025-6832 - WordPress All in One Time Clock Lite Reflected Cross-Site Scripting

CVE ID : CVE-2025-6832
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 30 minutes ago
Description : The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8391 - WordPress Magic Edge Lite Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8391
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : The Magic Edge – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8399 - WordPress Mmm Unity Loader Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8399
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8400 - WordPress Image Gallery Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8400
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8466 - Code-projects Online Farm System SQL Injection

CVE ID : CVE-2025-8466
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8212 - Elementor Medical Addon Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8212
Published : Aug. 2, 2025, 8:15 a.m. | 14 hours, 30 minutes ago
Description : The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-8317 - WordPress Custom Word Cloud Stored Cross-Site Scripting

CVE ID : CVE-2025-8317
Published : Aug. 2, 2025, 8:15 a.m. | 14 hours, 30 minutes ago
Description : The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-4588 - WordPress 360 Photo Spheres Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4588
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-6626 - ShortPixel Adaptive Images WordPress Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6626
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-6754 - "WordPress SEO Metrics Privilege Escalation"

CVE ID : CVE-2025-6754
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller’s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator cookies.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-8152 - WordPress WP CTA - Call To Action Plugin Unauthenticated Data Modification Vulnerability

CVE ID : CVE-2025-8152
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-8146 - "Qi Addons For Elementor Stored Cross-Site Scripting"

CVE ID : CVE-2025-8146
Published : Aug. 2, 2025, 5:15 a.m. | 16 hours, 21 minutes ago
Description : The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 05:15:00 GMT

read more

CVE-2025-7694 - WordPress Woffice Core Plugin File Deletion Vulnerability

CVE ID : CVE-2025-7694
Published : Aug. 2, 2025, 4:15 a.m. | 17 hours, 20 minutes ago
Description : The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 04:15:00 GMT

read more

CVE-2025-6076 - Partner Software's Partner Software and Partner Web application File Upload Privilege Escalation

CVE ID : CVE-2025-6076
Published : Aug. 2, 2025, 3:15 a.m. | 18 hours, 21 minutes ago
Description : Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 03:15:00 GMT

read more

CVE-2025-6077 - Partner Software's Partner Software Product and Web Application Default Administrator Credentials Vulnerability

CVE ID : CVE-2025-6077
Published : Aug. 2, 2025, 3:15 a.m. | 18 hours, 21 minutes ago
Description : Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 03:15:00 GMT

read more

CVE-2025-6078 - Partner Software's Partner Software Stored XSS Vulnerability

CVE ID : CVE-2025-6078
Published : Aug. 2, 2025, 3:15 a.m. | 18 hours, 21 minutes ago
Description : Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 03:15:00 GMT

read more

CVE-2025-54796 - Copyparty Denial of Service (DoS) Regular Expression Injection

CVE ID : CVE-2025-54796
Published : Aug. 2, 2025, 12:15 a.m. | 18 hours, 29 minutes ago
Description : Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54790 - Apache Files SQL Injection

CVE ID : CVE-2025-54790
Published : Aug. 2, 2025, 12:15 a.m. | 17 hours, 20 minutes ago
Description : Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54789 - Apache Files Cross-Site Scripting (XSS)

CVE ID : CVE-2025-54789
Published : Aug. 2, 2025, 12:15 a.m. | 16 hours, 10 minutes ago
Description : Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54782 - Nest Devtools Integration Remote Code Execution Vulnerability

CVE ID : CVE-2025-54782
Published : Aug. 2, 2025, 12:15 a.m. | 14 hours, 9 minutes ago
Description : Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54386 - Traefik WASM Plugin Path Traversal Vulnerability

CVE ID : CVE-2025-54386
Published : Aug. 2, 2025, 12:15 a.m. | 12 hours, 8 minutes ago
Description : Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54781 - Microsoft Azure Entra ID/Intune Token Leak Vulnerability

CVE ID : CVE-2025-54781
Published : Aug. 2, 2025, 12:15 a.m. | 12 hours, 8 minutes ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54133 - Cursor Model Context Protocol (MCP) UI Information Disclosure Vulnerability

CVE ID : CVE-2025-54133
Published : Aug. 2, 2025, 12:15 a.m. | 10 hours, 6 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious `cursor://anysphere.cursor-deeplink/mcp/install` links, the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious deeplink, then examines the installation dialog and clicks through, the full command including the arguments will be executed on the machine. This is fixed in version 1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54136 - Cursor Remote Code Execution Vulnerability

CVE ID : CVE-2025-54136
Published : Aug. 2, 2025, 12:15 a.m. | 10 hours, 6 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54792 - LocalSend Man-in-the-Middle Vulnerability

CVE ID : CVE-2025-54792
Published : Aug. 1, 2025, 11:15 p.m. | 11 hours, 6 minutes ago
Description : LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2025-54131 - Cursor Command Injection Bypass

CVE ID : CVE-2025-54131
Published : Aug. 1, 2025, 11:15 p.m. | 9 hours, 50 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an allowlist, an attacker can execute arbitrary command execution outside of the allowlist without user approval. An attacker can trigger this vulnerability if chained with indirect prompt injection. This is fixed in version 1.3.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2025-54132 - "Cursor Mermaid Image Exfiltration Vulnerability"

CVE ID : CVE-2025-54132
Published : Aug. 1, 2025, 11:15 p.m. | 9 hours, 50 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2025-54424 - 1Panel Remote Code Execution (RCE) via Incomplete Certificate Verification

CVE ID : CVE-2025-54424
Published : Aug. 1, 2025, 11:15 p.m. | 9 hours, 50 minutes ago
Description : 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2024-13978 - LibTIFF Null Pointer Dereference Vulnerability

CVE ID : CVE-2024-13978
Published : Aug. 1, 2025, 10:15 p.m. | 10 hours, 50 minutes ago
Description : A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 22:15:00 GMT

read more

CVE-2013-10063 - Netgear SPH200D Path Traversal Vulnerability

CVE ID : CVE-2013-10063
Published : Aug. 1, 2025, 9:15 p.m. | 11 hours, 50 minutes ago
Description : A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10057 - Synactis PDF In-The-Box ActiveX Control Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2013-10057
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10058 - Linksys Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10058
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10059 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10059
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10060 - Netgear Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10060
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10061 - Netgear Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10061
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10062 - "Linksys Router Directory Traversal Vulnerability"

CVE ID : CVE-2013-10062
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10053 - ZPanel Remote Command Execution Vulnerability

CVE ID : CVE-2013-10053
Published : Aug. 1, 2025, 9:15 p.m. | 7 hours, 1 minute ago
Description : A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10055 - Havalite CMS Unauthenticated Remote Code Execution File Upload Vulnerability

CVE ID : CVE-2013-10055
Published : Aug. 1, 2025, 9:15 p.m. | 7 hours, 1 minute ago
Description : An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10049 - Raidsonic NAS Command Injection Vulnerability

CVE ID : CVE-2013-10049
Published : Aug. 1, 2025, 9:15 p.m. | 5 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10050 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10050
Published : Aug. 1, 2025, 9:15 p.m. | 5 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10051 - InstantCMS PHP Code Execution Vulnerability

CVE ID : CVE-2013-10051
Published : Aug. 1, 2025, 9:15 p.m. | 5 hours, 50 minutes ago
Description : A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2012-10022 - Kloxo Setuid Root Privilege Escalation

CVE ID : CVE-2012-10022
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10044 - OpenEMR SQL Injection and Unrestricted File Upload Vulnerability

CVE ID : CVE-2013-10044
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10046 - Agnitum Outpost Internet Security Named Pipe Privilege Escalation Vulnerability

CVE ID : CVE-2013-10046
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10047 - MiniWeb HTTP Server Unrestricted File Upload and Privilege Escalation Vulnerability

CVE ID : CVE-2013-10047
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10048 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10048
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2025-8472 - Alpine iLX-507 Bluetooth vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8472
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-26316.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8473 - Alpine iLX-507 Command Injection Vulnerability

CVE ID : CVE-2025-8473
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wstpCBCUpdStart function. The issue results from the lack of proper validation of user-supplied data before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26317.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8474 - Alpine iLX-507 CarPlay Stack-based Buffer Overflow

CVE ID : CVE-2025-8474
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26318.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8475 - Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8475
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the implementation of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26321.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8476 - Alpine iLX-507 TIDAL Certificate Validation Bypass Root RCE

CVE ID : CVE-2025-8476
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8477 - Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8477
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26324.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8480 - Alpine iLX-507 Tidal Music Streaming Command Injection Remote Code Execution

CVE ID : CVE-2025-8480
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming application. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26357.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6037 - Hashicorp Vault TLS Client Certificate Validation Bypass

CVE ID : CVE-2025-6037
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours ago
Description : Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-50869 - Institute-of-Current-Students XSS

CVE ID : CVE-2025-50869
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-50870 - Institute-of-Current-Students Student Information Disclosure via Incorrect Access Control

CVE ID : CVE-2025-50870
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53009 - MaterialX Stack Exhaustion Crash Vulnerability

CVE ID : CVE-2025-53009
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53010 - MaterialX Null Pointer Dereference Denial of Service

CVE ID : CVE-2025-53010
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53011 - MaterialX Null Pointer Dereference

CVE ID : CVE-2025-53011
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53012 - MaterialX Stack Overflow

CVE ID : CVE-2025-53012
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsing file imports, recursion is used to process nested files; however, there is no limit imposed to the depth of files that can be parsed by the library. By building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54564 - ChargePoint Home Flex Unvalidated Decompression Vulnerability

CVE ID : CVE-2025-54564
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54574 - Squid Heap Buffer Overflow (Remote Code Execution)

CVE ID : CVE-2025-54574
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54590 - Apache WebFinger SSRF Vulnerability

CVE ID : CVE-2025-54590
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in production. This library does not prevent localhost access, only checking for hosts that start with "localhost" and end with a port. Users can exploit this by creating servers that send GET requests with controlled host, path, and port parameters to query services on the instance's host or local network, enabling blind SSRF attacks. This is fixed in version 2.8.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54593 - FreshRSS Remote Code Execution Vulnerability

CVE ID : CVE-2025-54593
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code, user data including hashed passwords can be exfiltrated, the instance can be defaced when file permissions allow. Malicious code can be inserted into the instance to steal plaintext passwords, among others. This is fixed in version 1.26.2.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54595 - Pearcleaner Privilege Escalation Vulnerability

CVE ID : CVE-2025-54595
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-5999 - "Vault Privileged Escalation Vulnerability"

CVE ID : CVE-2025-5999
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6000 - Apache Vault Code Execution Vulnerability

CVE ID : CVE-2025-6000
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6004 - Vault User Lockout Bypass

CVE ID : CVE-2025-6004
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6011 - HashiCorp Vault Userpass Timing Side Channel Disclosure

CVE ID : CVE-2025-6011
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6014 - Vault TOTP Secrets Engine Code Reuse Vulnerability

CVE ID : CVE-2025-6014
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6015 - Vault Two-Factor Authentication Bypass and Token Reuse

CVE ID : CVE-2025-6015
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-45150 - LangChain-ChatGLM-Webui File Disclosure Vulnerability

CVE ID : CVE-2025-45150
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-45778 - The Language Sloth Web Application Stored XSS

CVE ID : CVE-2025-45778
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-48074 - OpenEXR DataWindow Size Validation Vulnerability

CVE ID : CVE-2025-48074
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-51501 - Microweber CMS Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-51501
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-51502 - Microweber CMS Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-51502
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-51504 - Microweber CMS Cross Site Scripting (XSS)

CVE ID : CVE-2025-51504
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2019-19144 - Quantum DXi6702 XML External Entity Injection Vulnerability

CVE ID : CVE-2019-19144
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-44139 - Emlog Pro File Upload Vulnerability

CVE ID : CVE-2025-44139
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-50460 - Apache Ms-Swift Remote Code Execution (RCE)

CVE ID : CVE-2025-50460
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-50472 - Apache Spark - Deserialization Code Execution Vulnerability

CVE ID : CVE-2025-50472
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized `.mdl` payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. Note that the payload file is a hidden file, making it difficult for the victim to detect tampering. More importantly, during the model training process, after the `.mdl` file is loaded and executes arbitrary code, the normal training process remains unaffected'meaning the user remains unaware of the arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-52327 - Restaurant Order System SQL Injection

CVE ID : CVE-2025-52327
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-52361 - Lighttpd AK-Nord USB-Server-LXL Root Command Execution

CVE ID : CVE-2025-52361
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-52390 - Saurus CMS SQL Injection Vulnerability

CVE ID : CVE-2025-52390
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-45767 - Jose Weak Encryption Vulnerability

CVE ID : CVE-2025-45767
Published : Aug. 1, 2025, 3:15 p.m. | 3 hours ago
Description : jose v6.0.10 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 15:15:00 GMT

read more

CVE-2023-44976 - Shunwang Rentdrv2 EDR Process Termination Vulnerability

CVE ID : CVE-2023-44976
Published : Aug. 1, 2025, 2:15 p.m. | 4 hours ago
Description : Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 14:15:00 GMT

read more

CVE-2025-46018 - CSC Pay Mobile App Bluetooth Payment Authorization Bypass Vulnerability

CVE ID : CVE-2025-46018
Published : Aug. 1, 2025, 2:15 p.m. | 4 hours ago
Description : CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 14:15:00 GMT

read more

CVE-2025-41370 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41370
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41371 - Gandia Integra Total TESI SQL Injection

CVE ID : CVE-2025-41371
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb_v4/integra/html/view/acceso.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41372 - Gandia Integra Total TESI SQL Injection

CVE ID : CVE-2025-41372
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41373 - Gandia Integra Total TESI SQL Injection

CVE ID : CVE-2025-41373
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41374 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41374
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41375 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41375
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultaincimails.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41376 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41376
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-4684 - WordPress BlockSpare Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4684
Published : Aug. 1, 2025, 12:15 p.m. | 6 hours ago
Description : The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of Image Carousel and Image Slider widgets in all versions up to, and including, 3.2.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 12:15:00 GMT

read more

CVE-2025-6228 - Sina Extension for Elementor Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6228
Published : Aug. 1, 2025, 12:15 p.m. | 6 hours ago
Description : The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Sina Table` widgets in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 12:15:00 GMT

read more

CVE-2025-6398 - ASUS AI Suite 3 Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-6398
Published : Aug. 1, 2025, 9:15 a.m. | 7 hours, 50 minutes ago
Description : A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the ' Security Update for for AI Suite 3 ' section on the ASUS Security Advisory for more information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 09:15:00 GMT

read more

CVE-2025-8443 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8443
Published : Aug. 1, 2025, 9:15 a.m. | 7 hours, 50 minutes ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 09:15:00 GMT

read more

CVE-2025-8441 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8441
Published : Aug. 1, 2025, 8:15 a.m. | 8 hours, 50 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 08:15:00 GMT

read more

CVE-2025-8442 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8442
Published : Aug. 1, 2025, 8:15 a.m. | 8 hours, 50 minutes ago
Description : A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 08:15:00 GMT

read more

CVE-2025-8438 - Code-Projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8438
Published : Aug. 1, 2025, 7:15 a.m. | 9 hours, 50 minutes ago
Description : A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-8439 - Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8439
Published : Aug. 1, 2025, 7:15 a.m. | 9 hours, 50 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-7646 - Elementor Addons Stored Cross-Site Scripting

CVE ID : CVE-2025-7646
Published : Aug. 1, 2025, 7:15 a.m. | 8 hours, 19 minutes ago
Description : The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-8437 - Kitchen Treasure SQL Injection Vulnerability

CVE ID : CVE-2025-8437
Published : Aug. 1, 2025, 7:15 a.m. | 8 hours, 19 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-31716 - Cisco Bootloader Out-of-Bounds Write Denial of Service

CVE ID : CVE-2025-31716
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-54939 - LiteSpeed QUIC (LSQUIC) Library LSQUIC Engine Packet In Memory Leak

CVE ID : CVE-2025-54939
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-5921 - "SureForms WordPress Reflected Cross-Site Scripting"

CVE ID : CVE-2025-5921
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-8436 - Projectworlds Online Admission System SQL Injection Vulnerability

CVE ID : CVE-2025-8436
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-8454 - Debian Package devscripts OpenPGP Verification Bypass

CVE ID : CVE-2025-8454
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-8435 - Code-projects Online Movie Streaming PHP Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8435
Published : Aug. 1, 2025, 5:15 a.m. | 10 hours, 14 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-7725 - WordPress OpenAI Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7725
Published : Aug. 1, 2025, 5:15 a.m. | 8 hours, 56 minutes ago
Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-7845 - Stratum Elementor Widgets Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7845
Published : Aug. 1, 2025, 5:15 a.m. | 8 hours, 56 minutes ago
Description : The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-4523 - IDonate WordPress Plugin Unauthorized Data Access Vulnerability

CVE ID : CVE-2025-4523
Published : Aug. 1, 2025, 5:15 a.m. | 7 hours, 50 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-7443 - BerqWP Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-7443
Published : Aug. 1, 2025, 5:15 a.m. | 7 hours, 50 minutes ago
Description : The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-54846 - Apache HTTP Server HTTP Request Smuggling

CVE ID : CVE-2025-54846
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54847 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54847
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-5947 - WordPress Service Finder Bookings Privilege Escalation

CVE ID : CVE-2025-5947
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-8433 - Dell Document Management System Path Traversal Vulnerability

CVE ID : CVE-2025-8433
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-8434 - Apache Code-projects Online Movie Streaming Remote File Inclusion Vulnerability

CVE ID : CVE-2025-8434
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54844 - Apache Struts Command Execution

CVE ID : CVE-2025-54844
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 13 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54845 - Adobe Flash Memory Corruption Vulnerability

CVE ID : CVE-2025-54845
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 13 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54842 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54842
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54843 - Fortinet DNS Server Insufficient Input Validation

CVE ID : CVE-2025-54843
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2019-19145 - Quantum SuperLoader 3 Password Brute Force

CVE ID : CVE-2019-19145
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-53399 - Sipwise RTPengine RTP Stream Injection and Interception Vulnerability

CVE ID : CVE-2025-53399
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54657 - Apache Struts Command Injection

CVE ID : CVE-2025-54657
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54839 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54839
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54840 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-54840
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54841 - Apache Struts SQL Injection

CVE ID : CVE-2025-54841
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-5954 - WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

CVE ID : CVE-2025-5954
Published : Aug. 1, 2025, 3:15 a.m. | 3 hours, 11 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 03:15:00 GMT

read more

CVE-2025-8431 - PHPGurukul Boat Booking System SQL Injection Vulnerability

CVE ID : CVE-2025-8431
Published : Aug. 1, 2025, 2:15 a.m. | 4 hours, 11 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 02:15:00 GMT

read more

CVE-2025-48071 - OpenEXR ZIPS-packed Deep Scan-Line Heap Buffer Overflow

CVE ID : CVE-2025-48071
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-48072 - OpenEXR Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-48072
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-48073 - OpenEXR NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-48073
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2023-32251 - Linux Kernel ksmbd Dictionary Attack Bypass

CVE ID : CVE-2023-32251
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-23289 - NVIDIA Omniverse Launcher Information Disclosure Vulnerability

CVE ID : CVE-2025-23289
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-45768 - PyJWT Weak Encryption

CVE ID : CVE-2025-45768
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : pyjwt v2.10.1 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-50572 - Archer Technology RSA Archer Code Execution Vulnerability

CVE ID : CVE-2025-50572
Published : July 31, 2025, 8:15 p.m. | 8 hours, 49 minutes ago
Description : An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-8286 - Güralp FMUS series Telnet Command Injection Vulnerability

CVE ID : CVE-2025-8286
Published : July 31, 2025, 8:15 p.m. | 8 hours, 49 minutes ago
Description : Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37108 - "HPE Telco Service Activator Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-37108
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37109 - HPE Telco Service Activator Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-37109
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37110 - HPE Telco Network Function Virtual Orchestrator Information Disclosure

CVE ID : CVE-2025-37110
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37111 - HPE Telco Network Function Virtual Orchestrator Authentication Key Storage Policy Information Disclosure

CVE ID : CVE-2025-37111
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37112 - HPE Telco Network Function Virtual Orchestrator Key Storage Policy Information Disclosure

CVE ID : CVE-2025-37112
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-45769 - PHP JWT Weak Encryption Vulnerability

CVE ID : CVE-2025-45769
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : php-jwt v6.11.0 was discovered to contain weak encryption.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-45770 - "Auth0 JWT Weak Encryption Vulnerability"

CVE ID : CVE-2025-45770
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : jwt v5.4.3 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-26062 - Intelbras RX1500/3000 Unauthenticated Access to Settings File

CVE ID : CVE-2025-26062
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 19:15:00 GMT

read more

CVE-2025-26063 - Intelbras RX1500/3000 - Unauthenticated Remote Code Execution Vulnerability

CVE ID : CVE-2025-26063
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 19:15:00 GMT

read more

CVE-2025-26064 - Intelbras RX1500/RX3000 Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-26064
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 19:15:00 GMT

read more

CVE-2025-51385 - D-Link DI-8200 Buffer Overflow Vulnerability

CVE ID : CVE-2025-51385
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-51503 - Microweber CMS Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51503
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-54832 - OPEXUS FOIAXpress Arbitrary State/Territory Modification Vulnerability

CVE ID : CVE-2025-54832
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-54833 - OPEXUS FOIAXpress Bypass Account-Lockout and CAPTCHA Protection Vulnerability

CVE ID : CVE-2025-54833
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-54834 - OPEXUS FOIAXpress Information Disclosure Vulnerability

CVE ID : CVE-2025-54834
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-8426 - Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

CVE ID : CVE-2025-8426
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-24915.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-51384 - D-Link DI-8200 IPsec Buffer Overflow

CVE ID : CVE-2025-51384
Published : July 31, 2025, 6:15 p.m. | 6 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-51383 - D-Link DI-8200 Buffer Overflow Vulnerability

CVE ID : CVE-2025-51383
Published : July 31, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2024-34327 - Sielox AnyWare SQL Injection

CVE ID : CVE-2024-34327
Published : July 31, 2025, 5:15 p.m. | 3 hours, 49 minutes ago
Description : Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 17:15:00 GMT

read more

CVE-2025-50866 - CloudClassroom-PHP Project 1.0 Reflected Cross-site Scripting (XSS)

CVE ID : CVE-2025-50866
Published : July 31, 2025, 5:15 p.m. | 3 hours, 49 minutes ago
Description : CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 17:15:00 GMT

read more

CVE-2025-50867 - CloudClassroom-PHP-Project SQL Injection

CVE ID : CVE-2025-50867
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-52203 - DevaslanPHP Stored XSS

CVE ID : CVE-2025-52203
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-8409 - "Code-projects Vehicle Management SQL Injection"

CVE ID : CVE-2025-8409
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-29556 - ExaGrid EX10 Incorrect Access Control Bypass

CVE ID : CVE-2025-29556
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-46809 - SUSE Multi Linux Manager HTTP Proxy Credentials Disclosure

CVE ID : CVE-2025-46809
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-50847 - CS Cart CSRF Add Product to Comparison List

CVE ID : CVE-2025-50847
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-50848 - "CS Cart Cross-Site Scripting (XSS) File Upload Vulnerability"

CVE ID : CVE-2025-50848
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-50850 - CS Cart Brute Force Vendor Login

CVE ID : CVE-2025-50850
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-34146 - SandboxJS Prototype Pollution Vulnerability

CVE ID : CVE-2025-34146
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-50270 - AnQiCMS Stored XSS

CVE ID : CVE-2025-50270
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, categoryTitle, and tmpTag parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-50475 - Russound MBX-PRE-D67F OS Command Injection Vulnerability

CVE ID : CVE-2025-50475
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-50849 - CS Cart IDOR

CVE ID : CVE-2025-50849
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-51569 - LB-Link BL-CPE300M Router Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-51569
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to inject arbitrary JavaScript, which is executed in the context of the router's origin when the crafted URL is accessed. The issue requires user interaction to exploit.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-52289 - MagnusBilling Broken Access Control Vulnerability

CVE ID : CVE-2025-52289
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-8408 - Apache Vehicle Management SQL Injection

CVE ID : CVE-2025-8408
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125121 - Array Networks vAPV/vxAG SSH Privilege Escalation Vulnerability

CVE ID : CVE-2014-125121
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges. Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125122 - Linksys WRT120N Remote Stack Buffer Overflow Vulnerability

CVE ID : CVE-2014-125122
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125123 - Kloxo SQL Injection Vulnerability

CVE ID : CVE-2014-125123
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the administrator’s password from the backend database. After recovering valid credentials, the attacker can authenticate to the Kloxo control panel and leverage the Command Center feature (display.php) to execute arbitrary operating system commands as root on the underlying host system. This vulnerability was reported to be exploited in the wild in January 2014.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125124 - Pandora FMS Anyterm Remote Command Execution

CVE ID : CVE-2014-125124
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125125 - A10 Networks AX Loadbalancer Path Traversal Vulnerability

CVE ID : CVE-2014-125125
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125126 - Apache Simple E-Document Unrestricted File Upload and Authentication Bypass

CVE ID : CVE-2014-125126
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2024-34328 - Sielox AnyWare Open Redirect Vulnerability

CVE ID : CVE-2024-34328
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-29557 - ExaGrid EX10 Remote Authentication Bypass

CVE ID : CVE-2025-29557
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10042 - FreeFTPd FTP PASS Command Stack-Based Buffer Overflow

CVE ID : CVE-2013-10042
Published : July 31, 2025, 3:15 p.m. | 2 hours, 12 minutes ago
Description : A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10043 - OAstium VoIP PBX Remote Code Execution Vulnerability

CVE ID : CVE-2013-10043
Published : July 31, 2025, 3:15 p.m. | 2 hours, 12 minutes ago
Description : A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10033 - Kimai SQL Injection Remote Code Execution

CVE ID : CVE-2013-10033
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10034 - Kaseya KServer Unauthenticated File Upload Remote Code Execution Vulnerability

CVE ID : CVE-2013-10034
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10035 - ProcessMaker Code Injection Vulnerability

CVE ID : CVE-2013-10035
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10036 - Beetel Connection Manager Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2013-10036
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10037 - WebTester OS Command Injection Vulnerability

CVE ID : CVE-2013-10037
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10038 - FlashChat Arbitrary File Upload Vulnerability

CVE ID : CVE-2013-10038
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10039 - GestioIP Command Injection Vulnerability

CVE ID : CVE-2013-10039
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10040 - ClipBucket Remote Code Execution Vulnerability

CVE ID : CVE-2013-10040
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-54589 - Copyparty Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-54589
Published : July 31, 2025, 2:15 p.m. | 49 minutes ago
Description : Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `